diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index feb8e8ac29..bdd26c81ef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,6 +9,8 @@ If you'd like to contribute, please read the following document: * [PSR-1][2]: PSR-1 are standard conventions rules we use as a base (conversion of old code still in progress) * [PSR-2][3]: PSR-2 are more detailed standard conventions rules we use as base (conversion of old code still in progress) +We expect contributions to be sent through Pull Requests, a special feature of Github. We recommend you follow this guide to understand a little more about the way it works: https://guides.github.com/activities/contributing-to-open-source/ + [1]: https://support.chamilo.org/projects/chamilo-18/wiki/Coding_conventions [2]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md [3]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md diff --git a/custompages/README b/custompages/README deleted file mode 100755 index bda4eba0c7..0000000000 --- a/custompages/README +++ /dev/null @@ -1,13 +0,0 @@ -CustomPages looks for alternatives in this directory, and displays them if present. The user-provided custom pages must exactly be named as such : - -- index-logged.php for the general landing page before login -- index-unlogged.php for the general landing page when already logged-in -- registration.php for the registration form -- registration-feedback.php for the registration success feedback -- lostpassword.php for the password recovery form -- lostpassword-feedback.php for the password recovery feedback page - -Important note : -Enable the use_custom_pages setting - -If you pull this feature from a repo, not through an upgrade or install process, you have to exectute the following SQL statements in the main database or this option won't appear in the admin interface : 
diff --git a/custompages/README.md b/custompages/README.md new file mode 100644 index 0000000000..e0c2bea502 --- /dev/null +++ b/custompages/README.md @@ -0,0 +1,24 @@ +Custom pages +============= + +CustomPages looks for alternatives in this directory, and displays them if present. +The user-provided custom pages must exactly be named as such : + +- index-logged.php for the general landing page before login +- index-unlogged.php for the general landing page when already logged-in +- registration.php for the registration form +- registration-feedback.php for the registration success feedback +- lostpassword.php for the password recovery form + + +### Installation + +- Enable the use_custom_pages setting +- Create your own modifications based in the files with the suffix "-dist.php" + +### Important notes + +- Do not replace the images in the images/ directory. + Instead, create new images, as the current ones will be overwritten + by each Chamilo upgrade. + diff --git a/custompages/first_login.php b/custompages/first_login-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/first_login.php rename to custompages/first_login-dist.php diff --git a/custompages/index-logged.php b/custompages/index-logged-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/index-logged.php rename to custompages/index-logged-dist.php diff --git a/custompages/index-unlogged.php b/custompages/index-unlogged-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/index-unlogged.php rename to custompages/index-unlogged-dist.php diff --git a/custompages/loggedout.php b/custompages/loggedout-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/loggedout.php rename to custompages/loggedout-dist.php 
diff --git a/custompages/lostpassword.php b/custompages/lostpassword-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/lostpassword.php rename to custompages/lostpassword-dist.php diff --git a/custompages/registration.php b/custompages/registration-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/registration.php rename to custompages/registration-dist.php diff --git a/custompages/registration-feedback.php b/custompages/registration-feedback-dist.php old mode 100755 new mode 100644 similarity index 100% rename from custompages/registration-feedback.php rename to custompages/registration-feedback-dist.php diff --git a/documentation/changelog.html b/documentation/changelog.html index 59f92dfe7b..008814840c 100755 --- a/documentation/changelog.html +++ b/documentation/changelog.html @@ -44,9 +44,22 @@

Note: most #wxyz references are issue numbers you can find in our public bug tracking system. Some references marked BT#xyz are developments made externally for BeezNest customers and integrated into Chamilo. The details of these tasks cannot be seen for confidentiality reasons, but the code change is public and can be reviewed by anyone.

 

-

Chamilo 1.9.10 - Huánuco, 10th of November, 2014

+

Chamilo 1.10.0 - ???, ??? 2015

Release notes - summary

-

Chamilo 1.9.10 is a patch version with a few minor bugfixes and a new packaging. This will be packaged and promoted as 1.9.8, but the folder inside the 1.9.8 will be called 1.9.10, with a few changes to this changelog file and a few fixes throughout the code (as such, you can just overwrite previous files to upgrade from 1.9.8, 1.9.8.1 or 1.9.8.2 to 1.9.10).

+

Chamilo 1.10.0 is a major version of the 1.10.x branch, with new features and bugfixes on top of 1.9.10. As a major version, it requires the use of the upgrade script in order to upgrade an existing Chamilo portal. See install instructions

+

Release name

+

Security fixes

+

Possibly breaking changes

+

Notable new Features

+

Improvements (minor features) and debug

+

Stylesheets and theming

+

Web services

+

Removals

+ + +

Chamilo 1.9.10 - Huánuco, 25th of January, 2015

+

Release notes - summary

+

Chamilo 1.9.10 is a new minor version of the 1.9.x branch, with many bugfixes and a few interesting new features (as such, you can just overwrite previous files to upgrade from 1.9.8, 1.9.8.1 or 1.9.8.2 to 1.9.10).

Release name

Huánuco is a small city in the Peruvian Andes, Northeast of Lima. This is a special @@ -63,36 +76,48 @@ platform, that will serve its purpose, helping making education better and more widely available, better than ever before.

-

Possibly breaking changes

-

Two changes have been made to the forum tool code, which might make some of your forums disappear and require a direct database intervention.
-First case: If you use forums with sessions and have placed a session forum inside a base-course forum category, the forum category will now no longer appear in any session, and as such, the session forums contained in that category will disappear. You can easily fix that by checking the c_forum_forum table for any record with session_id != 0 that points to a forum category that has session_id == 0. This is related to issue #7264.
-Second case: if you use group forums and have had issues with posts appearing twice, then this release will fix this bug, but might also make some forum posts disappear. Although we could not reproduce the error, you should be able to fix it by changing the group_id column inside the c_forum_thread table. This is related to issue #7267
-This is an exceptional event in the history of Chamilo, and we believe it should only affect very few portals, but we prefer to take precautionnary measures and warn you upfront.
-

- -

Security

+

Security fixes

All security issues are published and patches are attached on our security issues page. If you think you found an additional security issue you'd like to report, please check our procedure there. +

Possibly breaking changes

+

Two changes have been made to the forum tool code, which might make some of your forums disappear and require a direct database intervention.
+ First case: If you use forums with sessions and have placed a session forum inside a base-course forum category, the forum category will now no longer appear in any session, and as such, the session forums contained in that category will disappear. You can easily fix that by checking the c_forum_forum table for any record with session_id != 0 that points to a forum category that has session_id == 0. This is related to issue #7264.
+ Second case: In very rare occasions, if you use group forums and have had issues with posts appearing twice, then this release will fix this bug, but might also make some forum posts disappear. Although we could not reproduce the error, you should be able to fix it by changing the group_id column inside the c_forum_thread table. This is related to issue #7267
+ This is an exceptional event in the history of Chamilo, and we believe it should only affect very few portals, but we prefer to take precautionnary measures and warn you upfront.
+

+

Notable new Features

diff --git a/documentation/credits.html b/documentation/credits.html index da1d96fe4b..c43c1714b3 100755 --- a/documentation/credits.html +++ b/documentation/credits.html @@ -58,6 +58,11 @@ In the following credits, when possible, we tried to put the latest contributors

Core contributors / Core team

The core contributors are the people who contributed most to the Chamilo software. We are eternally thankful to them for having demonstrated a very high level of commitment, contributing their time and ideas to the project. Since version 1.9, we also include non-developer contributors as we consider their help is essential to the success of our project. This list is updated with each version.

+

Chamilo LMS 1.10.*

+

Chamilo LMS 1.9.*


diff --git a/index.php b/index.php index e99f30a676..0cd9122780 100755 --- a/index.php +++ b/index.php @@ -118,8 +118,7 @@ if (!empty($_POST['submitAuth'])) { } } // End login -- if ($_POST['submitAuth']) -} -else { +} else { // Only if login form was not sent because if the form is sent the user was already on the page. event_open(); } @@ -142,8 +141,7 @@ if (!api_is_anonymous()) { if (api_is_platform_admin()) { $controller->tpl->assign('course_block', $controller->return_course_block()); - } - else { + } else { $controller->tpl->assign('teacher_block', $controller->return_teacher_link()); } } @@ -151,6 +149,22 @@ if (!api_is_anonymous()) { $hot_courses = null; $announcements_block = null; + +// Display the Site Use Cookie Warning Validation +$useCookieValidation = api_get_configuration_value('cookie_warning'); +if ($useCookieValidation) { + if (isset($_POST['acceptCookies'])) { + api_set_site_use_cookie_warning_cookie(); + } else if (!api_site_use_cookie_warning_cookie_exist()) { + if (Template::isToolBarDisplayedForUser()) { + $controller->tpl->assign('toolBarDisplayed', true); + } else { + $controller->tpl->assign('toolBarDisplayed', false); + } + $controller->tpl->assign('displayCookieUsageWarning', true); + } +} + // When loading a chamilo page do not include the hot courses and news if (!isset($_REQUEST['include'])) { @@ -163,9 +177,7 @@ if (!isset($_REQUEST['include'])) { $controller->tpl->assign('hot_courses', $hot_courses); $controller->tpl->assign('announcements_block', $announcements_block); $controller->tpl->assign('home_page_block', $controller->return_home_page()); - $controller->tpl->assign('navigation_course_links', $controller->return_navigation_links()); - $controller->tpl->assign('notice_block', $controller->return_notice()); $controller->tpl->assign('main_navigation_block', $controller->return_navigation_links()); $controller->tpl->assign('help_block', $controller->return_help()); 
@@ -183,7 +195,7 @@ if (isset($_GET['firstpage'])) { api_set_firstpage_parameter($_GET['firstpage']); // if we are already logged, go directly to course if (api_user_is_login()) { - echo ""; + echo ""; } } else { api_delete_firstpage_parameter(); diff --git a/main/admin/access_url_add_courses_to_url.php b/main/admin/access_url_add_courses_to_url.php index bfc4cf3628..a30f233bd7 100755 --- a/main/admin/access_url_add_courses_to_url.php +++ b/main/admin/access_url_add_courses_to_url.php @@ -82,9 +82,10 @@ if (empty($first_letter_user)) { unset($result); } -$first_letter_course = Database::escape_string($first_letter_course); +$first_letter_course_lower = Database::escape_string(api_strtolower($first_letter_course)); + $sql = "SELECT code, title FROM $tbl_course - WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".api_strtolower($first_letter_course)."%' + WHERE title LIKE '".$first_letter_course_lower."%' OR title LIKE '".$first_letter_course_lower."%' ORDER BY title, code DESC "; $result = Database::query($sql); diff --git a/main/admin/access_url_add_users_to_url.php b/main/admin/access_url_add_users_to_url.php index fe281f3865..1a12236a58 100755 --- a/main/admin/access_url_add_users_to_url.php +++ b/main/admin/access_url_add_users_to_url.php 
@@ -79,12 +79,12 @@ if (empty($first_letter_user)) { } unset($result); } -$first_letter_user = Database::escape_string($first_letter_user); +$first_letter_user_lower = Database::escape_string(api_strtolower($first_letter_user)); $target_name = api_sort_by_first_name() ? 'firstname' : 'lastname'; $target_name = 'lastname'; $sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user - WHERE ".$target_name." LIKE '".$first_letter_user."%' OR ".$target_name." LIKE '".api_strtolower($first_letter_user)."%' + WHERE ".$target_name." LIKE '".$first_letter_user_lower."%' OR ".$target_name." LIKE '".$first_letter_user_lower."%' ORDER BY ". (count($users) > 0 ? "(user_id IN(".implode(',', $users).")) DESC," : "")." ".$target_name; $result = Database::query($sql); $db_users = Database::store_result($result); diff --git a/main/admin/access_url_edit.php b/main/admin/access_url_edit.php index 2a81157bd6..cd71ecca16 100755 --- a/main/admin/access_url_edit.php +++ b/main/admin/access_url_edit.php @@ -120,7 +120,7 @@ $form->setDefaults($defaults); $submit_name = get_lang('AddUrl'); if (isset($_GET['url_id'])) { - $url_id = Database::escape_string($_GET['url_id']); + $url_id = intval($_GET['url_id']); $num_url_id = UrlManager::url_id_exist($url_id); if($num_url_id != 1) { header('Location: access_urls.php'); diff --git a/main/admin/access_urls.php b/main/admin/access_urls.php index 892eb667b9..bc9d8473d0 100755 --- a/main/admin/access_urls.php +++ b/main/admin/access_urls.php @@ -40,7 +40,7 @@ if (isset ($_GET['action'])) { $check = Security::check_token('get'); if ($check) { - $url_id = Database::escape_string($_GET['url_id']); + $url_id = intval($_GET['url_id']); switch ($_GET['action']) { case 'delete_url': diff --git a/main/admin/add_courses_to_usergroup.php b/main/admin/add_courses_to_usergroup.php index 1e9160c68c..4aa7cca1a7 100755 --- a/main/admin/add_courses_to_usergroup.php +++ b/main/admin/add_courses_to_usergroup.php 
@@ -156,7 +156,6 @@ function search($needle,$type) // xajax send utf8 datas... datas in db can be non-utf8 datas $charset = api_get_system_encoding(); - $needle = Database::escape_string($needle); $needle = api_convert_encoding($needle, $charset, 'utf-8'); if ($type == 'single') { diff --git a/main/admin/add_sessions_to_promotion.php b/main/admin/add_sessions_to_promotion.php index e34fca2aee..8fac87485b 100755 --- a/main/admin/add_sessions_to_promotion.php +++ b/main/admin/add_sessions_to_promotion.php @@ -123,7 +123,6 @@ function search_sessions($needle, $type) // xajax send utf8 datas... datas in db can be non-utf8 datas $charset = api_get_system_encoding(); - $needle = Database::escape_string($needle); $needle = api_convert_encoding($needle, $charset, 'utf-8'); $session_list = SessionManager::get_sessions_list( diff --git a/main/admin/add_sessions_to_usergroup.php b/main/admin/add_sessions_to_usergroup.php index 627ee5f39a..90a7a44fa8 100755 --- a/main/admin/add_sessions_to_usergroup.php +++ b/main/admin/add_sessions_to_usergroup.php @@ -133,7 +133,6 @@ function search_sessions($needle,$type) { // xajax send utf8 datas... datas in db can be non-utf8 datas $charset = api_get_system_encoding(); - $needle = Database::escape_string($needle); $needle = api_convert_encoding($needle, $charset, 'utf-8'); if ($type == 'single') { diff --git a/main/admin/add_users_to_group.php b/main/admin/add_users_to_group.php index bf31d515ef..6f511884a6 100755 --- a/main/admin/add_users_to_group.php +++ b/main/admin/add_users_to_group.php @@ -107,7 +107,6 @@ function search_users($needle, $type, $relation_type) // xajax send utf8 datas... datas in db can be non-utf8 datas $charset = api_get_system_encoding(); - $needle = Database::escape_string($needle); $needle = api_convert_encoding($needle, $charset, 'utf-8'); $user_anonymous = api_get_anonymous_id(); $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username'; 
diff --git a/main/admin/archive_cleanup.php b/main/admin/archive_cleanup.php index 1cfb7de0f7..55752baacc 100755 --- a/main/admin/archive_cleanup.php +++ b/main/admin/archive_cleanup.php @@ -28,8 +28,8 @@ $message = null; if ($form->validate()) { $archive_path = api_get_path(SYS_ARCHIVE_PATH); - $htaccess = @file_get_contents($archive_path.'.htaccess'); - $result = rmdirr($archive_path, true); + $htaccess = @file_get_contents($archive_path.'.htaccess'); + $result = rmdirr($archive_path, true, true); if (!empty($htaccess)) { @file_put_contents($archive_path.'/.htaccess', $htaccess); diff --git a/main/admin/calendar.lib.php b/main/admin/calendar.lib.php index 05e15ab323..2670b7266b 100755 --- a/main/admin/calendar.lib.php +++ b/main/admin/calendar.lib.php @@ -539,7 +539,7 @@ function store_edited_agenda_item() { function save_edit_agenda_item($id, $title, $content, $start_date, $end_date) { $TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); - $id=Database::escape_string($id); + $id=intval($id); $title=Database::escape_string($title); $content=Database::escape_string($content); @@ -902,7 +902,7 @@ function display_one_agenda_item($agenda_id) $TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); $TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); - $agenda_id=Database::escape_string($agenda_id); + $agenda_id = intval($agenda_id); //echo "displaying agenda items"; // getting the name of the groups @@ -2642,7 +2642,7 @@ function is_repeated_event($id,$course=null) $course = $course_info['dbName']; } $id = (int) $id; - //$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT,$course); + $t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT); $sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id"; $res = Database::query($sql); if(Database::num_rows($res)>0) 
@@ -2733,24 +2733,21 @@ function agenda_add_item($title, $content, $db_start_date, $db_end_date) { return $last_id; } /** - * Adds a repetitive item to the database - * @param array Course info - * @param int The original event's id - * @param string Type of repetition - * @param int Timestamp of end of repetition (repeating until that date) - * @param array Original event's destination - * @return boolean False if error, True otherwise + * Gets calendar items + * @param int Month + * @param int Year + * @return array Array of events */ - function get_calendar_items($month, $year) { - global $_user, $_course; - global $is_allowed_to_edit; +function get_calendar_items($month, $year) +{ + global $_user, $_course; + global $is_allowed_to_edit; - $month=Database::escape_string($month); - $year=Database::escape_string($year); + $month = intval($month); + $year = intval($year); - // database variables - $TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); - //$TABLE_ITEM_PROPERTY=Database::get_course_table(TABLE_ITEM_PROPERTY); + // database variables + $TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); $month_first_day = mktime(0,0,0,$month,1,$year); $month_last_day = mktime(0,0,0,$month+1,1,$year)-1; diff --git a/main/admin/class_list.php b/main/admin/class_list.php index b696574d64..ddcfb2aa74 100755 --- a/main/admin/class_list.php +++ b/main/admin/class_list.php 
@@ -34,13 +34,13 @@ function get_number_of_classes() { * @param int $number_of_items * @param string $direction */ -function get_class_data($from, $number_of_items, $column, $direction) { +function get_class_data($from, $number_of_items, $column, $direction = 'ASC') { $tbl_class_user = Database::get_main_table(TABLE_MAIN_CLASS_USER); $tbl_class = Database :: get_main_table(TABLE_MAIN_CLASS); - $from = Database::escape_string($from); - $number_of_items = Database::escape_string($number_of_items); - $column = Database::escape_string($column); - $direction = Database::escape_string($direction); + $from = intval($from); + $number_of_items = intval($number_of_items); + $column = intval($column); + $direction = ($direction == 'ASC'?'ASC':'DESC'); $sql = "SELECT id AS col0, name AS col1, COUNT(user_id) AS col2, id AS col3 FROM $tbl_class diff --git a/main/admin/configure_homepage.php b/main/admin/configure_homepage.php index 7d9fb4aedd..a63a659fe1 100755 --- a/main/admin/configure_homepage.php +++ b/main/admin/configure_homepage.php @@ -1,9 +1,11 @@ 'index.php', 'name' => get_lang('PlatformAdmin')); +$interbreadcrumb[] = array( + 'url' => 'index.php', + 'name' => get_lang('PlatformAdmin') +); if (!empty($action)) { - $interbreadcrumb[] = array('url' => 'configure_homepage.php', 'name' => get_lang('ConfigureHomePage')); + $interbreadcrumb[] = array( + 'url' => 'configure_homepage.php', + 'name' => get_lang('ConfigureHomePage') + ); + switch ($action) { case 'edit_top': $tool_name = get_lang('EditHomePage'); @@ -134,6 +143,8 @@ if (!empty($_SESSION['user_language_choice'])) { $lang = api_get_setting('platformLanguage'); } +$languageGet = isset($_GET['language']) ? Security::remove_XSS($_GET['language']) : $lang; + // Ensuring availability of main files in the corresponding language if (api_is_multiple_url_enabled()) { 
@@ -165,29 +176,30 @@ $noticef = 'home_notice'; //noticef for Notice File $menutabs= 'home_tabs'; //menutabs for tabs Menu $mtloggedin= 'home_tabs_logged_in'; //menutabs for tabs Menu $ext = '.html'; //ext for HTML Extension - when used frequently, variables are - // faster than hardcoded strings +// faster than hardcoded strings $homef = array($menuf, $newsf, $topf, $noticef, $menutabs, $mtloggedin); // If language-specific file does not exist, create it by copying default file foreach ($homef as $my_file) { - if (api_is_multiple_url_enabled()) { - if (!file_exists($homep_new.$my_file.'_'.$lang.$ext)) { - if (!file_exists($homep.$my_file.$ext)) { - touch($homep.$my_file.$ext); - } - @copy($homep.$my_file.$ext, $homep_new.$my_file.'_'.$lang.$ext); - } - } else { - if (!file_exists($homep.$my_file.'_'.$lang.$ext)) { - if (!file_exists($homep.$my_file.$ext)) { - touch($homep.$my_file.$ext); - } - @copy($homep.$my_file.$ext, $homep.$my_file.'_'.$lang.$ext); - } - } + if (api_is_multiple_url_enabled()) { + if (!file_exists($homep_new.$my_file.'_'.$lang.$ext)) { + if (!file_exists($homep.$my_file.$ext)) { + touch($homep.$my_file.$ext); + } + @copy($homep.$my_file.$ext, $homep_new.$my_file.'_'.$lang.$ext); + } + } else { + if (!file_exists($homep.$my_file.'_'.$lang.$ext)) { + if (!file_exists($homep.$my_file.$ext)) { + touch($homep.$my_file.$ext); + } + @copy($homep.$my_file.$ext, $homep.$my_file.'_'.$lang.$ext); + } + } } + if (api_is_multiple_url_enabled()) { - $homep = $homep_new; + $homep = $homep_new; } // Check WCAG settings and prepare edition using WCAG 
@@ -224,25 +236,22 @@ if (!empty($action)) { } // Write - if (file_exists($homep.$topf.'_'.$lang.$ext)) { + if (is_writable($homep)) { + // Default if (is_writable($homep.$topf.'_'.$lang.$ext)) { $fp = fopen($homep.$topf.'_'.$lang.$ext, 'w'); fputs($fp, $home_top); fclose($fp); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - if (file_exists($homep.$topf.'_'.$lang_name.$ext)) { - if (is_writable($homep.$topf.'_'.$lang_name.$ext)) { - $fp = fopen($homep.$topf.'_'.$lang_name.$ext, 'w'); - fputs($fp, $home_top); - fclose($fp); - } - } - } - } - + // Language + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + $fp = fopen($homep.$topf.'_'.$lang_name.$ext, 'w'); + fputs($fp, $home_top); + fclose($fp); + } + } } else { $errorMsg = get_lang('HomePageFilesNotWritable'); } 
@@ -252,22 +261,28 @@ if (!empty($action)) { fputs($fp, $home_top); fclose($fp); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - if (file_exists($homep.$topf.'_'.$lang_name.$ext)) { - $fp = fopen($homep.$topf.'_'.$lang_name.$ext, 'w'); - fputs($fp, $home_top); - fclose($fp); - } - } - } - } - - if (EventsMail::check_if_using_class('portal_homepage_edited')) { - EventsDispatcher::events('portal_homepage_edited',array('about_user' => api_get_user_id())); - } - event_system(LOG_HOMEPAGE_CHANGED, 'edit_top', cut(strip_tags($home_top), 254), api_get_utc_datetime(), api_get_user_id()); + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + if (file_exists($homep.$topf.'_'.$lang_name.$ext)) { + $fp = fopen($homep.$topf.'_'.$lang_name.$ext, 'w'); + fputs($fp, $home_top); + fclose($fp); + } + } + } + } + + if (EventsMail::check_if_using_class('portal_homepage_edited')) { + EventsDispatcher::events('portal_homepage_edited',array('about_user' => api_get_user_id())); + } + event_system( + LOG_HOMEPAGE_CHANGED, + 'edit_top', + cut(strip_tags($home_top), 254), + api_get_utc_datetime(), + api_get_user_id() + ); break; case 'edit_notice': // Filter @@ -283,32 +298,32 @@ if (!empty($action)) { if ($errorMsg == '') { fputs($fp, "$notice_title
\n$notice_text"); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - if (file_exists($homep.$noticef.'_'.$lang_name.$ext)) { - if (is_writable($homep.$noticef.'_'.$lang_name.$ext)) { - $fp = fopen($homep.$noticef.'_'.$lang_name.$ext, 'w'); - fputs($fp, "$notice_title
\n$notice_text"); - fclose($fp); - } - } - } - } - } else { + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + if (file_exists($homep.$noticef.'_'.$lang_name.$ext)) { + if (is_writable($homep.$noticef.'_'.$lang_name.$ext)) { + $fp = fopen($homep.$noticef.'_'.$lang_name.$ext, 'w'); + fputs($fp, "$notice_title
\n$notice_text"); + fclose($fp); + } + } + } + } + } else { fputs($fp, ''); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - if (file_exists($homep.$noticef.'_'.$lang_name.$ext)) { - $fp1 = fopen($homep.$noticef.'_'.$lang_name.$ext, 'w'); - fputs($fp1, ''); - fclose($fp1); - } - } - } - } + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + if (file_exists($homep.$noticef.'_'.$lang_name.$ext)) { + $fp1 = fopen($homep.$noticef.'_'.$lang_name.$ext, 'w'); + fputs($fp1, ''); + fclose($fp1); + } + } + } + } fclose($fp); } else { $errorMsg .= "
\n".get_lang('HomePageFilesNotWritable'); @@ -319,7 +334,7 @@ if (!empty($action)) { fputs($fp, "$notice_title
\n$notice_text"); fclose($fp); } - event_system(LOG_HOMEPAGE_CHANGED, 'edit_notice', cut(strip_tags($notice_title), 254), api_get_utc_datetime(), api_get_user_id()); + event_system(LOG_HOMEPAGE_CHANGED, 'edit_notice', cut(strip_tags($notice_title), 254), api_get_utc_datetime(), api_get_user_id()); break; case 'edit_news': //Filter @@ -365,7 +380,7 @@ if (!empty($action)) { } } } - event_system(LOG_HOMEPAGE_CHANGED, 'edit_news', strip_tags(cut($home_news, 254)), api_get_utc_datetime(), api_get_user_id()); + event_system(LOG_HOMEPAGE_CHANGED, 'edit_news', strip_tags(cut($home_news, 254)), api_get_utc_datetime(), api_get_user_id()); break; case 'insert_tabs': case 'edit_tabs': @@ -375,7 +390,7 @@ if (!empty($action)) { $insert_where = intval($_POST['insert_where']); $link_name = trim(stripslashes($_POST['link_name'])); $link_url = trim(stripslashes($_POST['link_url'])); - $add_in_tab = intval($_POST['add_in_tab']); + $add_in_tab = intval($_POST['add_in_tab']); // WCAG if (api_get_setting('wcag_anysurfer_public_pages') == 'true') { 
@@ -437,33 +452,33 @@ if (!empty($action)) { // If the file doesn't exist, then create it and // fill it with default text - $fp = @fopen($homep.$filename, 'w'); - if ($fp) { - if (empty($link_html)) { - fputs($fp, get_lang('MyTextHere')); - home_tabs($homep.$filename); - } else { - fputs($fp, $link_html); - home_tabs($homep.$filename); - } - fclose($fp); - } + $fp = @fopen($homep.$filename, 'w'); + if ($fp) { + if (empty($link_html)) { + fputs($fp, get_lang('MyTextHere')); + home_tabs($homep.$filename); + } else { + fputs($fp, $link_html); + home_tabs($homep.$filename); + } + fclose($fp); + } } // If the requested action is to edit a link, open the file and // write to it (if the file doesn't exist, create it) if (in_array($action, array('edit_link')) && !empty($link_html)) { - $fp = @fopen($homep.$filename, 'w'); - if ($fp) { - fputs($fp, $link_html); - home_tabs($homep.$filename); - fclose($fp); - } + $fp = @fopen($homep.$filename, 'w'); + if ($fp) { + fputs($fp, $link_html); + home_tabs($homep.$filename); + fclose($fp); + } } - $class_add_in_tab = 'class="show_menu"'; - if (!$add_in_tab) { - $class_add_in_tab = 'class="hide_menu"'; - } + $class_add_in_tab = 'class="show_menu"'; + if (!$add_in_tab) { + $class_add_in_tab = 'class="hide_menu"'; + } // If the requested action is to create a link, make some room // for the new link in the home_menu array at the requested place 
@@ -491,15 +506,15 @@ if (!empty($action)) { home_tabs($homep.$menuf.'_'.$lang.$ext); fclose($fp); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - $fp = fopen($homep.$menuf.'_'.$lang_name.$ext, 'w'); - fputs($fp, $home_menu); - home_tabs($homep.$menuf.'_'.$lang_name.$ext); - fclose($fp); - } - } + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + $fp = fopen($homep.$menuf.'_'.$lang_name.$ext, 'w'); + fputs($fp, $home_menu); + home_tabs($homep.$menuf.'_'.$lang_name.$ext); + fclose($fp); + } + } if (file_exists($homep.$menuf.$ext)) { if (is_writable($homep.$menuf.$ext)) { @@ -519,23 +534,29 @@ if (!empty($action)) { home_tabs($homep.$menuf.'_'.$lang.$ext); fclose($fp); - foreach ($_languages['name'] as $key => $value) { - $lang_name = $_languages['folder'][$key]; - if (isset($_POST[$lang_name])) { - $fp = fopen($homep.$menuf.'_'.$lang_name.$ext, 'w'); - fputs($fp, $home_menu); - home_tabs($homep.$menuf.'_'.$lang_name.$ext); - fclose($fp); - } - } - } + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + if (isset($_POST[$lang_name])) { + $fp = fopen($homep.$menuf.'_'.$lang_name.$ext, 'w'); + fputs($fp, $home_menu); + home_tabs($homep.$menuf.'_'.$lang_name.$ext); + fclose($fp); + } + } + } } - event_system(LOG_HOMEPAGE_CHANGED, $action, cut($link_name.':'.$link_url, 254), api_get_utc_datetime(), api_get_user_id()); + event_system( + LOG_HOMEPAGE_CHANGED, + $action, + cut($link_name . ':' . $link_url, 254), + api_get_utc_datetime(), + api_get_user_id() + ); break; } //end of switch($action) if (empty($errorMsg)) { - header('Location: '.api_get_self()); + header('Location: '.api_get_self().'?language='.$languageGet); exit(); } } else { 
@@ -651,7 +672,7 @@ if (!empty($action)) { } elseif (is_file($homep.$mtloggedin.$lang.$ext) && is_readable($homep.$mtloggedin.$lang.$ext)) { $home_menu = @file($homep.$mtloggedin.$lang.$ext); } elseif (touch($homep.$mtloggedin.'_'.$lang.$ext)) { - $home_menu = @file($homep.$mtloggedin.'_'.$lang.$ext); + $home_menu = @file($homep.$mtloggedin.'_'.$lang.$ext); } else { $errorMsg = get_lang('HomePageFilesNotReadable'); } @@ -678,11 +699,11 @@ if (!empty($action)) { $errorMsg = get_lang('HomePageFilesNotReadable'); } - if (empty($home_menu)) { - if (file_exists($homep.$menutabs.'_'.$lang.$ext)) { - $home_menu = @file($homep.$menutabs.'_'.$lang.$ext); - } - } + if (empty($home_menu)) { + if (file_exists($homep.$menutabs.'_'.$lang.$ext)) { + $home_menu = @file($homep.$menutabs.'_'.$lang.$ext); + } + } if (empty($home_menu)) { $home_menu = array(); @@ -723,11 +744,11 @@ if (!empty($action)) { $target_blank = true; } - if (strstr($enreg, 'hide_menu')) { + if (strstr($enreg, 'hide_menu')) { $add_in_tab = false; } else { - $add_in_tab = true; - } + $add_in_tab = true; + } // Remove dangerous HTML tags from the link itself (this is an // additional measure in case a link previously contained @@ -782,32 +803,32 @@ switch ($action) { // Display for edit_notice case ?>
- - - - - - - - - - - - - - - - - - - - -
'.get_lang('LetThoseFieldsEmptyToHideTheNotice').''; ?>
:
:
-
 
+ + + + + + + + + + + + + + + + + + + + +
'.get_lang('LetThoseFieldsEmptyToHideTheNotice').''; ?>
:
:
+
 
addElement('text', 'link_name', get_lang('LinkName'), array('size' => '30', 'maxlength' => '50')); if (!empty($link_name)) { - $default['link_name'] = $link_name; - } + $default['link_name'] = $link_name; + } $default['link_url'] = empty($link_url) ? 'http://' : api_htmlentities($link_url, ENT_QUOTES); - $linkUrlComment = ($action == 'insert_tabs') ? get_lang('Optional').'
'.get_lang('GlobalLinkUseDoubleColumnPrivateToShowPrivately') : ''; - $form->addElement('text', 'link_url', array(get_lang('LinkURL'), $linkUrlComment), array('size' => '30', 'maxlength' => '100', 'style' => 'width: 350px;')); - - $options = array('-1' => get_lang('FirstPlace')); + $linkUrlComment = ($action == 'insert_tabs') ? get_lang('Optional').'
'.get_lang('GlobalLinkUseDoubleColumnPrivateToShowPrivately') : ''; + $form->addElement('text', 'link_url', array(get_lang('LinkURL'), $linkUrlComment), array('size' => '30', 'maxlength' => '100', 'style' => 'width: 350px;')); + + $options = array('-1' => get_lang('FirstPlace')); $selected = ''; if ($action == 'insert_link' || $action == 'insert_tabs') { - $add_in_tab = 1; + $add_in_tab = 1; if (is_array($home_menu)){ foreach ($home_menu as $key => $enreg) { if (strlen($enreg = trim(strip_tags($enreg))) > 0) { - $options[$key] = get_lang('After').' "'.$enreg.'"'; - $formSentCheck = (!empty($_POST['formSent']) ? true : false); - $selected = $formSentCheck && $insert_where == $key ? $key : ''; + $options[$key] = get_lang('After').' "'.$enreg.'"'; + $formSentCheck = (!empty($_POST['formSent']) ? true : false); + $selected = $formSentCheck && $insert_where == $key ? $key : ''; } } } - $default['insert_link'] = $selected; - $form->addElement('select', 'insert_where', get_lang('InsertThisLink') , $options); + $default['insert_link'] = $selected; + $form->addElement('select', 'insert_where', get_lang('InsertThisLink') , $options); } $target_blank_checkbox = $form->addElement('checkbox', 'target_blank', null, get_lang('OpenInNewWindow'), 1); - if ($action == 'insert_tabs' || $action == 'edit_tabs') { - $form->addElement('checkbox', 'add_in_tab', null, get_lang('AddInMenu'), 1); - $default['add_in_tab'] = $add_in_tab; - } + if ($action == 'insert_tabs' || $action == 'edit_tabs') { + $form->addElement('checkbox', 'add_in_tab', null, get_lang('AddInMenu'), 1); + $default['add_in_tab'] = $add_in_tab; + } if (!empty($target_blank)) { $target_blank_checkbox->setChecked(true); } 
@@ -873,31 +894,31 @@ switch ($action) { } $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"'); } else { - if (in_array($action, array('edit_tabs','insert_tabs'))) { - if (api_get_setting('wcag_anysurfer_public_pages')=='true') { - $form->addElement('html', get_lang('Content').' ('.get_lang('Optional').')'); - $form->addElement('html', WCAG_Rendering::create_xhtml(isset($_POST['link_html'])?$_POST['link_html']:(!empty($link_html) ? $link_html : ''))); - } else { - $default['link_html'] = isset($_POST['link_html']) ? $_POST['link_html'] : (!empty($link_html) ? $link_html : ''); - $form->add_html_editor('link_html', get_lang('Content'), false, false, array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')); - } - } - $form->addElement('checkbox', 'all_langs', null, get_lang('ApplyAllLanguages'), array('id' => 'all_langs')); - $form->addElement('html',''); - $i = 0; - foreach ($_languages['name'] as $key => $value) { - $i++; - $lang_name = $_languages['folder'][$key]; - $html_langs = ''; - if ($i%5 == 0) { - $html_langs .= ''; - } - $form->addElement('html', $html_langs); - } - $form->addElement('html','
'; - $html_langs .= '

'); - $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"'); + if (in_array($action, array('edit_tabs','insert_tabs'))) { + if (api_get_setting('wcag_anysurfer_public_pages')=='true') { + $form->addElement('html', get_lang('Content').' ('.get_lang('Optional').')'); + $form->addElement('html', WCAG_Rendering::create_xhtml(isset($_POST['link_html'])?$_POST['link_html']:(!empty($link_html) ? $link_html : ''))); + } else { + $default['link_html'] = isset($_POST['link_html']) ? $_POST['link_html'] : (!empty($link_html) ? $link_html : ''); + $form->add_html_editor('link_html', get_lang('Content'), false, false, array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')); + } + } + $form->addElement('checkbox', 'all_langs', null, get_lang('ApplyAllLanguages'), array('id' => 'all_langs')); + $form->addElement('html',''); + $i = 0; + foreach ($_languages['name'] as $key => $value) { + $i++; + $lang_name = $_languages['folder'][$key]; + $html_langs = ''; + if ($i % 5 == 0) { + $html_langs .= ''; + } + $form->addElement('html', $html_langs); + } + $form->addElement('html','
'; + $html_langs .= '

'); + $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"'); } $form->setDefaults($default); @@ -920,7 +941,13 @@ switch ($action) { } $default = array(); - $form = new FormValidator('configure_homepage_'.$action, 'post', api_get_self().'?action='.$action, '', array('style' => 'margin: 0px;')); + $form = new FormValidator( + 'configure_homepage_'.$action, + 'post', + api_get_self().'?action='.$action, + '', + array('style' => 'margin: 0px;') + ); $renderer =& $form->defaultRenderer(); $renderer->setHeaderTemplate(''); $renderer->setFormTemplate('{content}
'); @@ -944,6 +971,7 @@ switch ($action) { $html .= ''; $form->addElement('html', $html); } + if (api_get_setting('wcag_anysurfer_public_pages') == 'true') { //TODO: review these lines // Print WCAG-specific HTML editor @@ -955,23 +983,28 @@ switch ($action) { $default[$name] = str_replace('{rel_path}', api_get_path(REL_PATH), $open); $form->add_html_editor($name, '', true, false, array('ToolbarSet' => 'PortalHomePage', 'Width' => '100%', 'Height' => '400')); } - $form->addElement('checkbox', 'all_langs', null, get_lang('ApplyAllLanguages'),array('id' => 'all_langs')); - $form->addElement('html',''); - $i = 0; - foreach ($_languages['name'] as $key => $value) { - $i++; - $lang_name = $_languages['folder'][$key]; - if (file_exists($homep.$topf.'_'.$lang_name.$ext)) { - $html_langs = ''; - if($i%5 == 0) { - $html_langs .= ''; - } - $form->addElement('html', $html_langs); - } - } - $form->addElement('html','
'; - $html_langs .= '

'); + $form->addElement('checkbox', 'all_langs', null, get_lang('ApplyAllLanguages'),array('id' => 'all_langs')); + $form->addElement('html',''); + + $currentLanguage = api_get_interface_language(); + $i = 0; + foreach ($_languages['name'] as $key => $value) { + $lang_name = $_languages['folder'][$key]; + $i++; + + $checked = null; + if ($languageGet == $lang_name) { + $checked = "checked"; + } + $html_langs = ''; + if ($i % 5 == 0) { + $html_langs .= ''; + } + $form->addElement('html', $html_langs); + } + $form->addElement('html','
'; + $html_langs .= '

'); $form->addElement('style_submit_button', null, get_lang('Save'), 'class="save"'); $form->setDefaults($default); $form->display(); @@ -980,208 +1013,211 @@ switch ($action) { default: // When no action applies, default page to update campus homepage ?> - -
-
- - -
- - - - - - '; - if ($access_url_id == 1) { - echo '
- -
+ + + + + + + + '; + if ($access_url_id == 1) { + echo ''; - } - echo ' + echo ''; + } + echo ' + /* */ + echo ' - - -
+ +

'; - /* */ - echo '
'; - if ($access_url_id == 1) { - if (sizeof($Categories)) { - foreach ($Categories as $enreg) { - echo ''; - } - unset($Categories); - } else { - echo get_lang('NoCategories'); - } - } + if ($access_url_id == 1) { + if (sizeof($Categories)) { + foreach ($Categories as $enreg) { + echo ''; + } + unset($Categories); + } else { + echo get_lang('NoCategories'); + } + } - echo '
'.Display::return_icon('folder_document.gif', $enreg['name']).' '.$enreg['name'].'
'.Display::return_icon('folder_document.gif', $enreg['name']).' '.$enreg['name'].'
'; - ?> -
- +
+ '.Display::return_icon('edit.gif', get_lang('Edit')).''; - $delete_link = ' '.Display::return_icon('delete.gif', get_lang('Delete')).''; - $tab_string = str_replace(array('href="'.api_get_path(WEB_PATH).'index.php?include=', ''), - array('href="'.api_get_path(WEB_CODE_PATH).'admin/'.basename(api_get_self()).'?action=open_link&link=', $edit_link.$delete_link.''), - $enreg); - $tab_string = str_replace(array('
  • ', '
  • ','class="hide_menu"', 'hide_menu'), '', $tab_string); - - $link_list .= Display::tag('tr', Display::tag('td', $tab_string)); - $tab_counter++; - } - } - ?> -
    - -
    - '; - echo $link_list; - echo '
    '; - ?> - - - - - - - - - '; - ?> - - - - + // Add new page + + $home_menu = ''; + + if (file_exists($homep.$mtloggedin.'_'.$lang.$ext)) { + $home_menu = @file($homep.$mtloggedin.'_'.$lang.$ext); + } else { + $home_menu = @file($homep.$mtloggedin.$ext); + } + + if (empty($home_menu)) { + if (file_exists($homep.$menutabs.'_'.$lang.$ext)) { + $home_menu = @file($homep.$menutabs.'_'.$lang.$ext); + } + } + + if (empty($home_menu)) { + $home_menu = array(); + } + + if (!empty($home_menu)) { + $home_menu = implode("\n", $home_menu); + $home_menu = api_to_system_encoding($home_menu, api_detect_encoding(strip_tags($home_menu))); + $home_menu = explode("\n", $home_menu); + } + $link_list = ''; + $tab_counter = 0; + foreach ($home_menu as $enreg) { + $enreg = trim($enreg); + if (!empty($enreg)) { + $edit_link = ' '.Display::return_icon('edit.gif', get_lang('Edit')).''; + $delete_link = ' '.Display::return_icon('delete.gif', get_lang('Delete')).''; + $tab_string = str_replace(array('href="'.api_get_path(WEB_PATH).'index.php?include=', ''), + array('href="'.api_get_path(WEB_CODE_PATH).'admin/'.basename(api_get_self()).'?action=open_link&link=', $edit_link.$delete_link.''), + $enreg); + $tab_string = str_replace(array('
  • ', '
  • ','class="hide_menu"', 'hide_menu'), '', $tab_string); + + $link_list .= Display::tag('tr', Display::tag('td', $tab_string)); + $tab_counter++; + } + } + ?> +
    + +
    + '; + echo $link_list; + echo ''; + ?> + + + + + + + + '; + ?> + + + + assign('toolBarDisplayed', true); + } else { + $tpl->assign('toolBarDisplayed', false); + } + $tpl->assign('displayCookieUsageWarning', true); + } +} + $tpl->assign('web_admin_ajax_url', $admin_ajax_url); $tpl->assign('blocks', $blocks); // The template contains the call to the AJAX version checker diff --git a/main/admin/languages.php b/main/admin/languages.php index fc6b6c5090..5d216b265f 100755 --- a/main/admin/languages.php +++ b/main/admin/languages.php @@ -160,7 +160,7 @@ if (isset($_POST['Submit']) && $_POST['Submit']) { if (count($_POST['id']) > 0) { $ids = array(); foreach ($_POST['id'] as $index => $id) { - $ids[] = Database::escape_string($id); + $ids[] = intval($id); } $sql = "UPDATE $tbl_admin_languages SET available='1' WHERE id IN ('" . implode("','", $ids) . "')"; Database::query($sql); @@ -170,7 +170,7 @@ if (isset($_POST['Submit']) && $_POST['Submit']) { if (count($_POST['id']) > 0) { $ids = array(); foreach ($_POST['id'] as $index => $id) { - $ids[] = Database::escape_string($id); + $ids[] = intval($id); } $sql = "UPDATE $tbl_admin_languages SET available='0' WHERE id IN ('" . implode("','", $ids) . "')"; Database::query($sql); diff --git a/main/admin/session_course_user_list.php b/main/admin/session_course_user_list.php index 97dbbfa9e9..350251533d 100755 --- a/main/admin/session_course_user_list.php +++ b/main/admin/session_course_user_list.php @@ -44,7 +44,7 @@ $sql = "SELECT s.name, c.title FROM $tbl_session_rel_course src INNER JOIN $tbl_session s ON s.id = src.id_session INNER JOIN $tbl_course c ON c.code = src.course_code - WHERE src.id_session='$id_session' AND src.course_code='".Database::escape_string($course_code)."' "; + WHERE src.id_session='$id_session' AND src.course_code='$course_code' "; $result = Database::query($sql); if (!list($session_name,$course_title) = Database::fetch_row($result)) { 
diff --git a/main/admin/session_import.php b/main/admin/session_import.php index f0410f63b3..17bba2a4b6 100755 --- a/main/admin/session_import.php +++ b/main/admin/session_import.php @@ -134,7 +134,7 @@ if (isset($_POST['formSent']) && $_POST['formSent']) { email = '".Database::escape_string($email)."', official_code = '".Database::escape_string($official_code)."', phone = '".Database::escape_string($phone)."', - status = '".Database::escape_string($status)."' + status = '".intval($status)."' WHERE username = '".Database::escape_string($username)."'"; Database::query($sql); diff --git a/main/admin/settings.lib.php b/main/admin/settings.lib.php index a99b02e9ab..770855fdf3 100755 --- a/main/admin/settings.lib.php +++ b/main/admin/settings.lib.php @@ -111,18 +111,18 @@ function handle_plugins() { $plugin_obj = new AppPlugin(); $token = Security::get_token(); - if (isset($_POST['submit_plugins'])) { + if (isset($_POST['submit_plugins'])) { store_plugins(); // Add event to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system( - LOG_CONFIGURATION_SETTINGS_CHANGE, - LOG_CONFIGURATION_SETTINGS_CATEGORY, - $category, - api_get_utc_datetime(), - $user_id - ); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); Display :: display_confirmation_message(get_lang('SettingsStored')); } @@ -175,12 +175,12 @@ function handle_plugins() echo '
    '; if (in_array($plugin, $installed_plugins)) { - echo Display::url(get_lang('Configure'), 'configure_plugin.php?name='.$plugin, array('class' => 'btn')); - echo Display::url(get_lang('Regions'), 'settings.php?category=Regions&name='.$plugin, array('class' => 'btn')); + echo Display::url(get_lang('Configure'), 'configure_plugin.php?name='.$plugin, array('class' => 'btn')); + echo Display::url(get_lang('Regions'), 'settings.php?category=Regions&name='.$plugin, array('class' => 'btn')); } if (file_exists(api_get_path(SYS_PLUGIN_PATH).$plugin.'/readme.txt')) { - echo Display::url("readme.txt", api_get_path(WEB_PLUGIN_PATH).$plugin."/readme.txt", array('class' => 'btn ajax', '_target' => '_blank')); + echo Display::url("readme.txt", api_get_path(WEB_PLUGIN_PATH).$plugin."/readme.txt", array('class' => 'btn ajax', '_target' => '_blank')); } echo '
    '; echo ''; @@ -198,7 +198,7 @@ function handle_plugins() * This function allows the platform admin to choose the default stylesheet * @author Patrick Cool , Ghent University * @author Julio Montoya , Chamilo -*/ + */ function handle_stylesheets() { global $_configuration; @@ -219,7 +219,6 @@ function handle_stylesheets() } $form = new FormValidator('stylesheet_upload', 'post', 'settings.php?category=Stylesheets#tabs-2'); - //$form->addElement('header', get_lang('UploadNewStylesheet')); $form->addElement('text', 'name_stylesheet', get_lang('NameStylesheet'), array('size' => '40', 'maxlength' => '40')); $form->addRule('name_stylesheet', get_lang('ThisFieldIsRequired'), 'required'); $form->addElement('file', 'new_stylesheet', get_lang('UploadNewStylesheet')); @@ -256,7 +255,13 @@ function handle_stylesheets() // Add event to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); if ($result) { Display::display_confirmation_message(get_lang('StylesheetAdded')); @@ -467,7 +472,7 @@ function upload_stylesheet($values, $picture) */ function store_regions() { - $plugin_obj = new AppPlugin(); + $plugin_obj = new AppPlugin(); // Get a list of all current 'Plugins' settings $installed_plugins = $plugin_obj->get_installed_plugins(); @@ -502,7 +507,7 @@ function store_regions() /** * This function allows easy activating and inactivating of plugins * @author Patrick Cool , Ghent University -*/ + */ function store_plugins() { $appPlugin = new AppPlugin(); 
@@ -533,13 +538,18 @@ function store_plugins() /** * This function allows the platform admin to choose which should be the default stylesheet * @author Patrick Cool , Ghent University -*/ + */ function store_stylesheets() { // Insert the stylesheet. - $style = Database::escape_string($_POST['style']); - if (is_style($style)) { - api_set_setting('stylesheets', $style, null, 'stylesheets', api_get_current_access_url_id()); + if (is_style($_POST['style'])) { + api_set_setting( + 'stylesheets', + $_POST['style'], + null, + 'stylesheets', + api_get_current_access_url_id() + ); } return true; } @@ -613,7 +623,7 @@ function handle_search() $sf_values = array(); foreach ($specific_fields as $sf) { - $sf_values[$sf['code']] = $sf['name']; + $sf_values[$sf['code']] = $sf['name']; } $group = array(); $url = Display::div(Display::url(get_lang('AddSpecificSearchField'), 'specific_fields.php'), array('class'=>'sectioncomment')); @@ -901,7 +911,7 @@ function add_edit_template() { if ($_GET['action'] == 'edit') { // Database table definition. $table_system_template = Database :: get_main_table('system_template'); - $sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($_GET['id'])."'"; + $sql = "SELECT * FROM $table_system_template WHERE id = ".intval($_GET['id']).""; $result = Database::query($sql); $row = Database::fetch_array($result); 
@@ -970,34 +980,34 @@ function add_edit_template() { } $temp->send_image($upload_dir.$new_file_name); } - } - - // Store the information in the database (as insert or as update). - $table_system_template = Database :: get_main_table('system_template'); - if ($_GET['action'] == 'add') { - $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; - $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; - Database::query($sql); - - // Display a feedback message. - Display::display_confirmation_message(get_lang('TemplateAdded')); - echo ''.Display::return_icon('new_template.png', get_lang('AddTemplate'),'',ICON_SIZE_MEDIUM).''; - } else { - $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; - $sql = "UPDATE $table_system_template set title = '".Database::escape_string($values['title'])."', content = '".$content_template."'"; - if (!empty($new_file_name)) { - $sql .= ", image = '".Database::escape_string($new_file_name)."'"; - } - $sql .= " WHERE id='".Database::escape_string($_GET['id'])."'"; - Database::query($sql); - - // Display a feedback message. - Display::display_confirmation_message(get_lang('TemplateEdited')); - } + } + + // Store the information in the database (as insert or as update). + $table_system_template = Database :: get_main_table('system_template'); + if ($_GET['action'] == 'add') { + $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; + $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; + Database::query($sql); + + // Display a feedback message. 
+ Display::display_confirmation_message(get_lang('TemplateAdded')); + echo ''.Display::return_icon('new_template.png', get_lang('AddTemplate'),'',ICON_SIZE_MEDIUM).''; + } else { + $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; + $sql = "UPDATE $table_system_template set title = '".Database::escape_string($values['title'])."', content = '".$content_template."'"; + if (!empty($new_file_name)) { + $sql .= ", image = '".Database::escape_string($new_file_name)."'"; + } + $sql .= " WHERE id = ".intval($_GET['id']).""; + Database::query($sql); + + // Display a feedback message. + Display::display_confirmation_message(get_lang('TemplateEdited')); + } } - Security::clear_token(); - display_templates(); + Security::clear_token(); + display_templates(); } else { @@ -1021,7 +1031,7 @@ function add_edit_template() { function delete_template($id) { // First we remove the image. $table_system_template = Database :: get_main_table('system_template'); - $sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($id)."'"; + $sql = "SELECT * FROM $table_system_template WHERE id = ".intval($id).""; $result = Database::query($sql); $row = Database::fetch_array($result); if (!empty($row['image'])) { @@ -1029,7 +1039,7 @@ function delete_template($id) { } // Now we remove it from the database. - $sql = "DELETE FROM $table_system_template WHERE id = '".Database::escape_string($id)."'"; + $sql = "DELETE FROM $table_system_template WHERE id = ".intval($id).""; Database::query($sql); // Display a feedback message. @@ -1118,7 +1128,7 @@ function generate_settings_form($settings, $settings_by_access_list) { $i = 0; foreach ($settings as $row) { - if (in_array($row['variable'], array_keys($settings_to_avoid))) { continue; } + if (in_array($row['variable'], array_keys($settings_to_avoid))) { continue; } if (!empty($_configuration['multiple_access_urls'])) { if (api_is_global_platform_admin()) { 
@@ -1126,18 +1136,18 @@ function generate_settings_form($settings, $settings_by_access_list) { if ($url_id == 1) { if ($row['access_url_changeable'] == '1') { $form->addElement('html', ''); + Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).''); } else { $form->addElement('html', ''); + Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).''); } } else { if ($row['access_url_changeable'] == '1') { $form->addElement('html', '
    '. - Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).'
    '); + Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).''); } else { $form->addElement('html', '
    '. - Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).'
    '); + Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).''); } } } 
@@ -1216,25 +1226,25 @@ function generate_settings_form($settings, $settings_by_access_list) { break; case 'textarea': if ($row['variable'] == 'header_extra_content') { - $file = api_get_path(SYS_PATH).api_get_home_path().'header_extra_content.txt'; + $file = api_get_path(SYS_PATH).api_get_home_path().'header_extra_content.txt'; $value = ''; if (file_exists($file)) { $value = file_get_contents($file); } $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('class'=>'span6','rows'=>'10'), $hideme); - $default_values[$row['variable']] = $value; + $default_values[$row['variable']] = $value; } elseif ($row['variable'] == 'footer_extra_content') { - $file = api_get_path(SYS_PATH).api_get_home_path().'footer_extra_content.txt'; - $value = ''; - if (file_exists($file)) { - $value = file_get_contents($file); - } - $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10', 'class'=>'span6'), $hideme); - $default_values[$row['variable']] = $value; - } else { - $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10','class'=>'span6'), $hideme); - $default_values[$row['variable']] = $row['selected_value']; - } + $file = api_get_path(SYS_PATH).api_get_home_path().'footer_extra_content.txt'; + $value = ''; + if (file_exists($file)) { + $value = file_get_contents($file); + } + $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10', 'class'=>'span6'), $hideme); + $default_values[$row['variable']] = $value; + } else { + $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10','class'=>'span6'), $hideme); + $default_values[$row['variable']] = $row['selected_value']; + } break; case 'radio': $values = api_get_settings_options($row['variable']); 
@@ -1258,15 +1268,15 @@ function generate_settings_form($settings, $settings_by_access_list) { $result = Database::query($sql); $group = array (); while ($rowkeys = Database::fetch_array($result)) { - //if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') { continue; } + //if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') { continue; } - // Profile tab option should be hidden when the social tool is enabled. - if (api_get_setting('allow_social_tool') == 'true') { - if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_profile') { continue; } - } + // Profile tab option should be hidden when the social tool is enabled. + if (api_get_setting('allow_social_tool') == 'true') { + if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_profile') { continue; } + } - // Hiding the gradebook option. - if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_gradebook') { continue; } + // Hiding the gradebook option. + if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_gradebook') { continue; } $element = & $form->createElement('checkbox', $rowkeys['subkey'], '', get_lang($rowkeys['subkeytext'])); if ($row['access_url_changeable'] == 1) { @@ -1303,7 +1313,7 @@ function generate_settings_form($settings, $settings_by_access_list) { $default_values[$row['variable']] = $row['selected_value']; break; case 'custom': - break; + break; } switch ($row['variable']) { diff --git a/main/admin/settings.php b/main/admin/settings.php index e1c3719473..fe7f7445b7 100755 --- a/main/admin/settings.php +++ b/main/admin/settings.php @@ -10,8 +10,6 @@ * @package chamilo.admin */ -/* INIT SECTION */ - // Language files that need to be included. if (isset($_GET['category']) && $_GET['category'] == 'Templates') { $language_file = array('admin', 'document'); 
@@ -45,7 +43,12 @@ $settings_to_avoid = array( 'example_material_course_creation' => 'true' // ON by default - now we have this option when we create a course ); -$convert_byte_to_mega_list = array('dropbox_max_filesize', 'message_max_upload_filesize', 'default_document_quotum', 'default_group_quotum'); +$convert_byte_to_mega_list = array( + 'dropbox_max_filesize', + 'message_max_upload_filesize', + 'default_document_quotum', + 'default_group_quotum' +); if (isset($_POST['style'])) { Display::$preview_style = $_POST['style']; @@ -68,8 +71,8 @@ if (isset($_GET['delete_watermark'])) { } if (isset($_GET['action']) && $_GET['action'] == 'delete_grading') { - $id = intval($_GET['id']); - api_delete_setting_option($id); + $id = intval($_GET['id']); + api_delete_setting_option($id); } $form_search = new FormValidator('search_settings', 'get', api_get_self() , null, array('class'=>'well form-inline')); @@ -119,11 +122,16 @@ function get_settings($category = null) { $settings = search_setting($_REQUEST['search_field']); } } - return array('settings' => $settings, 'settings_by_access_list' => $settings_by_access_list); + return array( + 'settings' => $settings, + 'settings_by_access_list' => $settings_by_access_list + ); } // Build the form. -if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', 'stylesheets', 'Search'))) { +if (!empty($_GET['category']) && + !in_array($_GET['category'], array('Plugins', 'stylesheets', 'Search')) +) { $my_category = isset($_GET['category']) ? $_GET['category'] : null; $settings_array = get_settings($my_category); $settings = $settings_array['settings']; 
@@ -139,11 +147,15 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' $un_mark_all = false; if (api_is_multiple_url_enabled()) { - if (isset($values['buttons_in_action_right']) && isset($values['buttons_in_action_right']['mark_all'])) { + if (isset($values['buttons_in_action_right']) && + isset($values['buttons_in_action_right']['mark_all']) + ) { $mark_all = true; } - if (isset($values['buttons_in_action_right']) && isset($values['buttons_in_action_right']['unmark_all'])) { + if (isset($values['buttons_in_action_right']) && + isset($values['buttons_in_action_right']['unmark_all']) + ) { $un_mark_all = true; } } @@ -174,7 +186,10 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' $settings_array = get_settings($my_category); $settings = $settings_array['settings']; $settings_by_access_list = $settings_array['settings_by_access_list']; - $form = generate_settings_form($settings, $settings_by_access_list); + $form = generate_settings_form( + $settings, + $settings_by_access_list + ); } } if (!empty($_FILES['pdf_export_watermark_path'])) { @@ -182,7 +197,10 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' } if (isset($pdf_export_watermark_path) && !empty($pdf_export_watermark_path['name'])) { - $pdf_export_watermark_path_result = PDF::upload_watermark($pdf_export_watermark_path['name'], $pdf_export_watermark_path['tmp_name']); + $pdf_export_watermark_path_result = PDF::upload_watermark( + $pdf_export_watermark_path['name'], + $pdf_export_watermark_path['tmp_name'] + ); if ($pdf_export_watermark_path_result) { $message['confirmation'][] = get_lang('UplUploadSucceeded'); } else { 
@@ -193,16 +211,15 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' // Set true for allow_message_tool variable if social tool is actived foreach ($convert_byte_to_mega_list as $item) { - if (isset($values[$item])) { - $values[$item] = round($values[$item]*1024*1024); - } - } + if (isset($values[$item])) { + $values[$item] = round($values[$item]*1024*1024); + } + } if (isset($values['allow_social_tool']) && $values['allow_social_tool'] == 'true') { $values['allow_message_tool'] = 'true'; } - // The first step is to set all the variables that have type=checkbox of the category // to false as the checkbox that is unchecked is not in the $_POST data and can // therefore not be set to false. 
@@ -225,96 +242,115 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' foreach ($settings as $item) { $key = $item['variable']; - if (in_array($key, $settings_to_avoid)) { continue; } - if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { continue; } + if (in_array($key, $settings_to_avoid)) { + continue; + } + if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { + continue; + } $key = Database::escape_string($key); - $sql = "UPDATE $table_settings_current SET selected_value = 'false' WHERE variable = '".$key."' AND access_url = ".intval($url_id)." AND type IN ('checkbox', 'radio') "; + $sql = "UPDATE $table_settings_current + SET selected_value = 'false' + WHERE variable = '".$key."' AND access_url = ".intval($url_id)." AND type IN ('checkbox', 'radio') "; $res = Database::query($sql); } - /*foreach($settings_to_avoid as $key => $value) { - api_set_setting($key, $value, null, null, $_configuration['access_url']); - }*/ - // Save the settings. $keys = array(); foreach ($values as $key => $value) { - if (strcmp($key,'MAX_FILE_SIZE')===0) { continue; } - if (in_array($key, $settings_to_avoid)) { continue; } + if (strcmp($key, 'MAX_FILE_SIZE') === 0) { + continue; + } + if (in_array($key, $settings_to_avoid)) { + continue; + } // Avoid form elements which have nothing to do with settings - if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { continue; } + if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { + continue; + } // Treat gradebook values in separate function. 
//if (strpos($key, 'gradebook_score_display_custom_values') === false) { - if (!is_array($value)) { - $old_value = api_get_setting($key); - switch ($key) { - case 'header_extra_content': - file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/header_extra_content.txt', $value); - $value = api_get_home_path().'/header_extra_content.txt'; - break; - case 'footer_extra_content': - file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/footer_extra_content.txt', $value); - $value = api_get_home_path().'/footer_extra_content.txt'; - break; - // URL validation for some settings. - case 'InstitutionUrl': - case 'course_validation_terms_and_conditions_url': - $value = trim(Security::remove_XSS($value)); - if ($value != '') { - // Here we accept absolute URLs only. - if (strpos($value, '://') === false) { - $value = 'http://'.$value; - } - if (!api_valid_url($value, true)) { - // If the new (non-empty) URL value is invalid, then the old URL value stays. - $value = $old_value; - } + if (!is_array($value)) { + $old_value = api_get_setting($key); + switch ($key) { + case 'header_extra_content': + file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/header_extra_content.txt', $value); + $value = api_get_home_path().'/header_extra_content.txt'; + break; + case 'footer_extra_content': + file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/footer_extra_content.txt', $value); + $value = api_get_home_path().'/footer_extra_content.txt'; + break; + // URL validation for some settings. + case 'InstitutionUrl': + case 'course_validation_terms_and_conditions_url': + $value = trim(Security::remove_XSS($value)); + if ($value != '') { + // Here we accept absolute URLs only. + if (strpos($value, '://') === false) { + $value = 'http://'.$value; } - // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted). - break; - - // Validation against e-mail address for some settings. 
- case 'emailAdministrator': - $value = trim(Security::remove_XSS($value)); - if ($value != '' && !api_valid_email($value)) { - // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays. - // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted). + if (!api_valid_url($value, true)) { + // If the new (non-empty) URL value is invalid, then the old URL value stays. $value = $old_value; } - break; - } - if ($old_value != $value) $keys[] = $key; - $result = api_set_setting($key, $value, null, null, $url_id); - } else { - $sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'"; - $res = Database::query($sql); - while ($row_subkeys = Database::fetch_array($res)) { - // If subkey is changed: - if ((isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'false') || - (!isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'true')) { - $keys[] = $key; - break; } + // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted). + break; + + // Validation against e-mail address for some settings. + case 'emailAdministrator': + $value = trim(Security::remove_XSS($value)); + if ($value != '' && !api_valid_email($value)) { + // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays. + // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted). 
+ $value = $old_value; + } + break; + } + if ($old_value != $value) $keys[] = $key; + $result = api_set_setting($key, $value, null, null, $url_id); + } else { + $sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'"; + $res = Database::query($sql); + while ($row_subkeys = Database::fetch_array($res)) { + // If subkey is changed: + if ((isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'false') || + (!isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'true')) { + $keys[] = $key; + break; } - foreach ($value as $subkey => $subvalue) { - $result = api_set_setting($key, 'true', $subkey, null, $url_id); - } - } + foreach ($value as $subkey => $subvalue) { + $result = api_set_setting($key, 'true', $subkey, null, $url_id); + } + } } // Add event configuration settings category to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); // Add event configuration settings variable to the system log. if (is_array($keys) && count($keys) > 0) { foreach ($keys as $variable) { if (in_array($key, $settings_to_avoid)) { continue; } - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_VARIABLE, $variable, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_VARIABLE, + $variable, + api_get_utc_datetime(), + $user_id + ); } } } 
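Review bot: In the array branch of the save loop, `$sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'";` interpolates `$key` without escaping. The `Database::escape_string($key)` call earlier in this hunk belongs to the `foreach ($settings as $item)` loop, whereas this `$key` is a key of `$values`, which the comment in this loop describes as form elements. Escape it before building the query. Separately, the logging loop iterates `foreach ($keys as $variable)` but tests `in_array($key, $settings_to_avoid)`; that check should use `$variable`.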
@@ -401,7 +437,6 @@ $resultcategories[] = array('category' => 'CAS'); $resultcategories[] = array('category' => 'Shibboleth'); $resultcategories[] = array('category' => 'Facebook'); - foreach ($resultcategories as $row) { $url = array(); $url['url'] = api_get_self()."?category=".$row['category']; @@ -413,9 +448,7 @@ foreach ($resultcategories as $row) { } echo Display::actions($action_array); - echo '
    '; - echo $form_search_html; if ($watermark_deleted) { @@ -451,7 +484,13 @@ if (!empty($_GET['category'])) { // add event to system log $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); Display :: display_confirmation_message(get_lang('DashboardPluginsHaveBeenUpdatedSucesslly')); } } @@ -461,23 +500,23 @@ if (!empty($_GET['category'])) { }); '; echo '
    '; - echo ''; - - echo '
    '; - handle_plugins(); - echo '
    '; - - echo '
    '; - DashboardManager::handle_dashboard_plugins(); - echo '
    '; - - echo '
    '; - handle_extensions(); - echo '
    '; + echo ''; + + echo '
    '; + handle_plugins(); + echo '
    '; + + echo '
    '; + DashboardManager::handle_dashboard_plugins(); + echo '
    '; + + echo '
    '; + handle_extensions(); + echo '
    '; echo '
    '; break; case 'Stylesheets': diff --git a/main/admin/sub_language.class.php b/main/admin/sub_language.class.php index c180a784af..aaad14e786 100755 --- a/main/admin/sub_language.class.php +++ b/main/admin/sub_language.class.php @@ -53,7 +53,7 @@ class SubLanguageManager { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $sql = 'SELECT * FROM ' . $tbl_admin_languages . ' - WHERE parent_id="' . Database::escape_string($parent_id) . '" AND id="' . Database::escape_string($sub_language_id) . '"'; + WHERE parent_id= ' . intval($parent_id) . ' AND id= ' . intval($sub_language_id) . ''; $rs = Database::query($sql); $all_information = array(); while ($row = Database::fetch_array($rs, 'ASSOC')) { @@ -185,7 +185,7 @@ class SubLanguageManager return false; } //can't delete dir, so do not delete language record $sql = 'DELETE FROM ' . $tbl_admin_languages . ' - WHERE id="' . Database::escape_string($sub_language_id) . '" '; + WHERE id= ' . intval($sub_language_id) . ' '; $res = Database::query($sql); return $res; @@ -247,7 +247,7 @@ class SubLanguageManager public static function get_name_of_language_by_id($language_id) { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); - $sql = 'SELECT original_name FROM ' . $tbl_admin_languages . ' WHERE id="' . Database::escape_string($language_id) . '"'; + $sql = 'SELECT original_name FROM ' . $tbl_admin_languages . ' WHERE id= ' . intval($language_id) . ''; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { return Database::result($rs, 0, 'original_name'); 
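Review bot: In `get_name_of_language_by_id()`, `intval($language_id)` turns any non-numeric argument into 0, so the query still runs with `WHERE id= 0` instead of the call being rejected. Cast once into a local variable and skip the query when the result is not a positive integer. The trailing `. ''` after the cast is a no-op and can be dropped.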
@@ -265,7 +265,7 @@ class SubLanguageManager { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $sql = 'SELECT count(*) AS count FROM ' . $tbl_admin_languages . ' - WHERE id="' . Database::escape_string($language_id) . '" AND NOT ISNULL(parent_id)'; + WHERE id = ' . intval($language_id) . ' AND NOT ISNULL(parent_id)'; $rs = Database::query($sql); if (Database::num_rows($rs) > 0 && Database::result($rs, '0', 'count') == 1) { @@ -302,7 +302,7 @@ class SubLanguageManager { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $sql = 'SELECT count(*) AS count FROM ' . $tbl_admin_languages . ' - WHERE parent_id="' . Database::escape_string($language_id) . '" AND NOT ISNULL(parent_id);'; + WHERE parent_id= ' . intval($language_id) . ' AND NOT ISNULL(parent_id);'; $rs = Database::query($sql); if (Database::num_rows($rs) > 0 && Database::result($rs, '0', 'count') == 1) { @@ -320,7 +320,7 @@ class SubLanguageManager public static function make_unavailable_language($language_id) { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); - $sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id='" . Database::escape_string($language_id) . "'"; + $sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id = " . intval($language_id) . ""; $result = Database::query($sql_make_unavailable); return $result !== false; //only return false on sql error } @@ -333,7 +333,7 @@ class SubLanguageManager public static function make_available_language($language_id) { $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); - $sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id='" . Database::escape_string($language_id) . "'"; + $sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id = " . intval($language_id) . ""; $result = Database::query($sql_make_available); return $result !== false; //only return false on sql error } 
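Review bot: `make_available_language()` returns `$result !== false`, so with the new `intval($language_id)` a non-numeric id becomes `WHERE id = 0`, matches no row, and the function still reports success. Return false when the cast id is not positive, or check the affected row count before returning. The same applies to `make_unavailable_language()` in the previous hunk, and the trailing `. ""` in both statements is redundant.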
@@ -350,7 +350,7 @@ class SubLanguageManager } $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_settings_current = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT); - $sql_update = "SELECT english_name FROM " . $tbl_admin_languages . " WHERE id='" . Database::escape_string($language_id) . "'"; + $sql_update = "SELECT english_name FROM " . $tbl_admin_languages . " WHERE id= " . intval($language_id) . ""; $result = Database::query($sql_update); $lang = Database::fetch_array($result); $sql_update_2 = "UPDATE " . $tbl_settings_current . " SET selected_value='" . $lang['english_name'] . "' WHERE variable='platformLanguage'"; @@ -412,8 +412,9 @@ class SubLanguageManager // select language - if case several languages match, get the last (more recent) one $sql = "SELECT english_name FROM " . $adminLanguagesTable . " - WHERE isocode ='$isocode' - AND available = 1 + WHERE + isocode ='$isocode' AND + available = 1 ORDER BY id DESC LIMIT 1"; $res = Database::query($sql); @@ -434,7 +435,9 @@ class SubLanguageManager if (empty($preferences)) { return false; } + $preferencesArray = explode(',', $preferences); + if (count($preferencesArray) > 0) { foreach ($preferencesArray as $pref) { $s = strpos($pref, ';'); @@ -444,6 +447,7 @@ class SubLanguageManager $code = $pref; } $name = self::getLanguageFromIsocode($code); + if ($name !== false) { return $name; } diff --git a/main/admin/sub_language_add.php b/main/admin/sub_language_add.php index 6ebbbccb9c..1a9431583d 100755 --- a/main/admin/sub_language_add.php +++ b/main/admin/sub_language_add.php 
@@ -39,7 +39,7 @@ function add_sub_language ($original_name,$english_name,$isocode,$sublanguage_av $english_name = Database::escape_string($english_name); $isocode = Database::escape_string($isocode); $sublanguage_available = Database::escape_string($sublanguage_available); - $parent_id = Database::escape_string($parent_id); + $parent_id = intval($parent_id); $sql='INSERT INTO '.$tbl_admin_languages.'(original_name,english_name,isocode,dokeos_folder,available,parent_id) VALUES ("'.$original_name.'","'.$english_name.'","'.$isocode.'","'.$english_name.'","'.$sublanguage_available.'","'.$parent_id.'")'; $res = Database::query($sql); @@ -119,7 +119,7 @@ function check_if_exist_language_by_id ($language_id) { * @return bool True if this language has children, false otherwise */ function ckeck_if_is_parent_of_sub_language ($parent_id) { - $sql='SELECT count(*) AS count FROM language WHERE parent_id="'.Database::escape_string($parent_id).'"'; + $sql='SELECT count(*) AS count FROM language WHERE parent_id= '.intval($parent_id).''; $rs=Database::query($sql); if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) { return true; diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php index 01922e2761..67bd2dcfa8 100755 --- a/main/admin/user_edit.php +++ b/main/admin/user_edit.php @@ -261,7 +261,6 @@ $creatorInfo = api_get_user_info($user_data['creator_id']); $date = sprintf(get_lang('CreatedByXYOnZ'), 'user_information.php?user_id='.$user_data['creator_id'], $creatorInfo['username'], $user_data['registration_date']); $form->addElement('html', '
    '.$date.'
    '); - if (!$user_data['platform_admin']) { // Expiration Date $form->addElement('radio', 'radio_expiration_date', get_lang('ExpirationDate'), get_lang('NeverExpires'), 0); @@ -275,7 +274,6 @@ if (!$user_data['platform_admin']) { $form->addElement('radio', 'active', '', get_lang('Inactive'), 0); } - // EXTRA FIELDS $return_params = UserManager::set_extra_fields_in_form($form, $extra_data, 'user_edit', true, $user_id); $jquery_ready_content = $return_params['jquery_ready_content']; @@ -433,7 +431,7 @@ if ($form->validate()) { } else { UserManager::update_extra_field_value($user_id, substr($key, 6), $value); } - } elseif (strpos($key,'remove_extra') !== false) { + } elseif (strpos($key, 'remove_extra') !== false) { $extra_value = Security::filter_filename(urldecode(key($value))); // To remove from user_field_value and folder UserManager::update_extra_field_value($user_id, substr($key,13), $extra_value); diff --git a/main/admin/user_fields.php b/main/admin/user_fields.php index 924e109f2e..a4a4d0eef9 100755 --- a/main/admin/user_fields.php +++ b/main/admin/user_fields.php 
@@ -354,16 +354,16 @@ function delete_user_fields($field_id) $table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES); // delete the fields - $sql = "DELETE FROM $table_user_field WHERE id = '".Database::escape_string($field_id)."'"; + $sql = "DELETE FROM $table_user_field WHERE id = ".intval($field_id)." "; $result = Database::query($sql); if (Database::affected_rows() == 1) { // delete the field options - $sql = "DELETE FROM $table_user_field_options WHERE field_id = '".Database::escape_string($field_id)."'"; + $sql = "DELETE FROM $table_user_field_options WHERE field_id = ".intval($field_id).""; $result = Database::query($sql); // delete the field values - $sql = "DELETE FROM $table_user_field_values WHERE field_id = '".Database::escape_string($field_id)."'"; + $sql = "DELETE FROM $table_user_field_values WHERE field_id = ".intval($field_id).""; $result = Database::query($sql); // recalculate the field_order because the value is used to show/hide the up/down icon @@ -373,7 +373,7 @@ function delete_user_fields($field_id) $i = 1; while($row = Database::fetch_array($result)) { - $sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = '".Database::escape_string($row['id'])."'"; + $sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = ".intval($row['id']).""; $result_reorder = Database::query($sql_reorder); $i++; } diff --git a/main/admin/user_fields_options.php b/main/admin/user_fields_options.php index 03adbc73c2..f37913f6f9 100755 --- a/main/admin/user_fields_options.php +++ b/main/admin/user_fields_options.php 
@@ -105,7 +105,7 @@ function get_options_data($from, $number_of_items, $column, $direction) option_order AS col0, option_display_text AS col1, id AS col2 - FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order ASC"; + FROM $table_userfields_options WHERE field_id = ".intval($_GET['field_id'])." ORDER BY option_order ASC"; $sql .= " LIMIT $from,$number_of_items"; $res = Database::query($sql); $return = array (); @@ -122,7 +122,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null, $table_userfields_options = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS); // The sql statement - $sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' "; + $sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id= ".intval($_GET['field_id'])." "; $res = Database::query($sql); $row = Database::fetch_row($res); return $row[0]; @@ -131,7 +131,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null, function actions_filter($option_id,$url_params,$row) { global $number_of_options; - + $return = ''; if ($row[0]<>1) { $return .= ''.Display::return_icon('up.gif', get_lang('Up')).''; @@ -182,7 +182,7 @@ function move_user_field_option($direction,$option_id) $found = false; - $sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order $sortdirection"; + $sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id = ".intval($_GET['field_id'])." ORDER BY option_order $sortdirection"; $result = Database::query($sql); while($row = Database::fetch_array($result)) { 
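Review bot: In `move_user_field_option()`, the query now casts `field_id` but still ends with `ORDER BY option_order $sortdirection`, and the assignment of `$sortdirection` is outside the visible context. Please confirm it can only ever be `ASC` or `DESC`. This is also the third function in this file that reads `intval($_GET['field_id'])` directly; passing the id in as a parameter and casting it once would keep the superglobal out of the query helpers.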
@@ -201,8 +201,8 @@ function move_user_field_option($direction,$option_id) } } - $sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'"; - $sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'"; + $sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = ".intval($this_id).""; + $sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = ".intval($next_id).""; Database::query($sql1); Database::query($sql2); diff --git a/main/admin/user_move_stats.php b/main/admin/user_move_stats.php index f1f4b19bc9..27270d4a3f 100755 --- a/main/admin/user_move_stats.php +++ b/main/admin/user_move_stats.php @@ -1,12 +1,10 @@ 'index.php', "name" => get_lang('PlatformAd $debug = 0; function compare_data($result_message) { - foreach ($result_message as $table=>$data) { - - $title = $table; + foreach ($result_message as $table=>$data) { + + $title = $table; if ($table == 'TRACK_E_EXERCISES') { $title = get_lang('Exercises'); } elseif ($table == 'TRACK_E_EXERCISES_IN_LP') { $title = get_lang('ExercisesInLp'); - } elseif ($table == 'LP_VIEW') { + } elseif ($table == 'LP_VIEW') { $title = get_lang('LearningPaths'); - } + } echo '

    '.get_lang($title).'


    '; - - if (is_array($data)) { + + if (is_array($data)) { foreach ($data as $id => $item) { - + if ($table == 'TRACK_E_EXERCISES' || $table == 'TRACK_E_EXERCISES_IN_LP' ) { - echo "

    ".get_lang('Attempt')." #$id

    "; + echo "

    ".get_lang('Attempt')." #$id

    "; echo '

    '; echo get_lang('Exercise').' #'.$item['exe_exo_id']; - echo '

    '; + echo ''; if (!empty($item['orig_lp_id'])) { echo '

    '; echo get_lang('LearningPath').' #'.$item['orig_lp_id']; echo '

    '; - } + } //Process data $array = array('exe_date' =>get_lang('Date'), 'exe_result' =>get_lang('Score'),'exe_weighting'=>get_lang('Weighting')); foreach($item as $key=> $value) { if (in_array($key,array_keys($array))) { $key = $array[$key]; echo "$key = $value
    "; - } + } } - } else { - echo "

    ".get_lang('Id')." #$id

    "; + } else { + echo "

    ".get_lang('Id')." #$id

    "; //process data foreach($item as $key=> $value) { - echo "$key = $value
    "; + echo "$key = $value
    "; } - } - } + } + } } else { echo get_lang('NoResults'); - } + } } } if (isset($_REQUEST['load_ajax'])) { //Checking the variable $_SESSION['combination'] that has all the information of the selected course (instead of using a lots of hidden variables ... ) if (isset($_SESSION['combination']) && !empty($_SESSION['combination'])) { - $combinations = $_SESSION['combination']; + $combinations = $_SESSION['combination']; $combination_result = $combinations[$_REQUEST['unique_id']]; if (empty($combination_result)) { - echo get_lang('ThereWasAnError'); + echo get_lang('ThereWasAnError'); } else { - $origin_course_code = $combination_result['course_code']; - $origin_session_id = intval($combination_result['session_id']); + $origin_course_code = $combination_result['course_code']; + $origin_session_id = intval($combination_result['session_id']); $new_session_id = intval($_REQUEST['session_id']); - + //if (!isset($_REQUEST['view_stat'])) { - if ($origin_session_id == $new_session_id ) { - echo get_lang('CantMoveToTheSameSession'); - exit; - } + if ($origin_session_id == $new_session_id ) { + echo get_lang('CantMoveToTheSameSession'); + exit; + } //} - $user_id = intval($_REQUEST['user_id']); - + $user_id = intval($_REQUEST['user_id']); + $new_course_list = SessionManager::get_course_list_by_session_id($new_session_id); - + $course_founded = false; - foreach ($new_course_list as $course_item) { + foreach ($new_course_list as $course_item) { if ($origin_course_code == $course_item['code']) { $course_founded = true; } } - - - $result_message = array(); + + $result_message = array(); $result_message_compare = array(); - + $update_database = true; - if (isset($_REQUEST['view_stat']) && $_REQUEST['view_stat'] == 1 ) { + if (isset($_REQUEST['view_stat']) && $_REQUEST['view_stat'] == 1 ) { $update_database = false; } - - //Check if the same course exist in the session destination + + //Check if the same course exist in the session destination if ($course_founded) { - - //Check 
if the user is registered in the session otherwise we will add it + + //Check if the user is registered in the session otherwise we will add it $result = SessionManager::get_users_by_session($new_session_id); if (empty($result) || !in_array($user_id, array_keys($result))) { - if ($debug) echo 'User added to the session'; + if ($debug) echo 'User added to the session'; //Registering user to the new session - SessionManager::suscribe_users_to_session($new_session_id,array($user_id),false); - } - + SessionManager::suscribe_users_to_session($new_session_id,array($user_id),false); + } + //Begin with the import process - $course_info = api_get_course_info($origin_course_code); - $course_id = $course_info['real_id']; - + $course_info = api_get_course_info($origin_course_code); + $course_id = $course_info['real_id']; + $TABLETRACK_EXERCICES = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); $TBL_TRACK_ATTEMPT = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT); $TBL_TRACK_E_COURSE_ACCESS = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); $TBL_TRACK_E_LAST_ACCESS = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS); - + $TBL_LP_VIEW = Database::get_course_table(TABLE_LP_VIEW); $TBL_NOTEBOOK = Database::get_course_table(TABLE_NOTEBOOK); $TBL_STUDENT_PUBLICATION = Database::get_course_table(TABLE_STUDENT_PUBLICATION); $TBL_STUDENT_PUBLICATION_ASSIGNMENT = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT); $TBL_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); - + $TBL_DROPBOX_FILE = Database::get_course_table(TABLE_DROPBOX_FILE); $TBL_DROPBOX_POST = Database::get_course_table(TABLE_DROPBOX_POST); $TBL_AGENDA = Database::get_course_table(TABLE_AGENDA); - - $course_code = Database::escape_string($course_code); - + //1. 
track_e_exercises - //ORIGINAL COURSE - - $sql = "SELECT * FROM $TABLETRACK_EXERCICES WHERE exe_cours_id = '$origin_course_code' AND session_id = $origin_session_id AND exe_user_id = $user_id "; + + $sql = "SELECT * FROM $TABLETRACK_EXERCICES + WHERE exe_cours_id = '$origin_course_code' AND session_id = $origin_session_id AND exe_user_id = $user_id "; $res = Database::query($sql); - $list = array(); + $list = array(); while($row = Database::fetch_array($res,'ASSOC')) { $list[$row['exe_id']]= $row; - } - + } + if (!empty($list)) - foreach ($list as $exe_id =>$data) { - if ($update_database) { - $sql = "UPDATE $TABLETRACK_EXERCICES SET session_id = '$new_session_id' WHERE exe_id = $exe_id"; - $res = Database::query($sql); - $result_message[$TABLETRACK_EXERCICES]++; - } else { - if(!empty($data['orig_lp_id']) && !empty($data['orig_lp_item_id'])) { - $result_message['TRACK_E_EXERCISES'][$exe_id] = $data; - } else { - $result_message['TRACK_E_EXERCISES_IN_LP'][$exe_id] = $data; + foreach ($list as $exe_id =>$data) { + if ($update_database) { + $sql = "UPDATE $TABLETRACK_EXERCICES SET session_id = '$new_session_id' WHERE exe_id = $exe_id"; + $res = Database::query($sql); + $result_message[$TABLETRACK_EXERCICES]++; + } else { + if(!empty($data['orig_lp_id']) && !empty($data['orig_lp_item_id'])) { + $result_message['TRACK_E_EXERCISES'][$exe_id] = $data; + } else { + $result_message['TRACK_E_EXERCISES_IN_LP'][$exe_id] = $data; + } } - } - } - + } + //DESTINY COURSE - + if (!$update_database) { - - $sql = "SELECT * FROM $TABLETRACK_EXERCICES WHERE exe_cours_id = '$origin_course_code' AND session_id = $new_session_id AND exe_user_id = $user_id "; + + $sql = "SELECT * FROM $TABLETRACK_EXERCICES WHERE exe_cours_id = '$origin_course_code' AND session_id = $new_session_id AND exe_user_id = $user_id "; $res = Database::query($sql); - $list = array(); + $list = array(); while($row = Database::fetch_array($res,'ASSOC')) { $list[$row['exe_id']]= $row; - } - + } + if (!empty($list)) - 
foreach ($list as $exe_id =>$data) { - if ($update_database) { - $sql = "UPDATE $TABLETRACK_EXERCICES SET session_id = '$new_session_id' WHERE exe_id = $exe_id"; - $res = Database::query($sql); - $result_message[$TABLETRACK_EXERCICES]++; - } else { - if(!empty($data['orig_lp_id']) && !empty($data['orig_lp_item_id'])) { - $result_message_compare['TRACK_E_EXERCISES'][$exe_id] = $data; - } else { - $result_message_compare['TRACK_E_EXERCISES_IN_LP'][$exe_id] = $data; + foreach ($list as $exe_id =>$data) { + if ($update_database) { + $sql = "UPDATE $TABLETRACK_EXERCICES SET session_id = '$new_session_id' WHERE exe_id = $exe_id"; + $res = Database::query($sql); + $result_message[$TABLETRACK_EXERCICES]++; + } else { + if(!empty($data['orig_lp_id']) && !empty($data['orig_lp_item_id'])) { + $result_message_compare['TRACK_E_EXERCISES'][$exe_id] = $data; + } else { + $result_message_compare['TRACK_E_EXERCISES_IN_LP'][$exe_id] = $data; + } } - } - } - } - + } + } + //2.track_e_attempt, track_e_attempt_recording, track_e_downloads //Nothing to do because there are not relationship with a session - - //3. track_e_course_access - - $sql = "SELECT * FROM $TBL_TRACK_E_COURSE_ACCESS WHERE course_code = '$origin_course_code' AND session_id = $origin_session_id AND user_id = $user_id "; + + //3. 
track_e_course_access + + $sql = "SELECT * FROM $TBL_TRACK_E_COURSE_ACCESS WHERE course_code = '$origin_course_code' AND session_id = $origin_session_id AND user_id = $user_id "; $res = Database::query($sql); - $list = array(); + $list = array(); while($row = Database::fetch_array($res,'ASSOC')) { $list[$row['course_access_id']] = $row; - } - - if (!empty($list)) - foreach ($list as $id => $data) { - if ($update_database) { - $sql = "UPDATE $TBL_TRACK_E_COURSE_ACCESS SET session_id = '$new_session_id' WHERE course_access_id = $id"; - if ($debug) echo $sql; - $res = Database::query($sql); - if ($debug) var_dump($res); - $result_message[$TBL_TRACK_E_COURSE_ACCESS]++; - } else { - //$result_message[$TBL_TRACK_E_COURSE_ACCESS][$id] = $data; - } } - + + if (!empty($list)) + foreach ($list as $id => $data) { + if ($update_database) { + $sql = "UPDATE $TBL_TRACK_E_COURSE_ACCESS SET session_id = '$new_session_id' WHERE course_access_id = $id"; + if ($debug) echo $sql; + $res = Database::query($sql); + if ($debug) var_dump($res); + $result_message[$TBL_TRACK_E_COURSE_ACCESS]++; + } else { + //$result_message[$TBL_TRACK_E_COURSE_ACCESS][$id] = $data; + } + } + //4. 
track_e_lastaccess - - $sql = "SELECT access_id FROM $TBL_TRACK_E_LAST_ACCESS WHERE access_cours_code = '$origin_course_code' AND access_session_id = $origin_session_id AND access_user_id = $user_id "; + + $sql = "SELECT access_id FROM $TBL_TRACK_E_LAST_ACCESS WHERE access_cours_code = '$origin_course_code' AND access_session_id = $origin_session_id AND access_user_id = $user_id "; $res = Database::query($sql); - $list = array(); + $list = array(); while($row = Database::fetch_array($res,'ASSOC')) { $list[] = $row['access_id']; - } + } if (!empty($list)) - foreach ($list as $id) { - if ($update_database) { - $sql = "UPDATE $TBL_TRACK_E_LAST_ACCESS SET access_session_id = '$new_session_id' WHERE access_id = $id"; - if ($debug) echo $sql; - $res = Database::query($sql); - if ($debug) var_dump($res); - $result_message[$TBL_TRACK_E_LAST_ACCESS]++; - } - } - + foreach ($list as $id) { + if ($update_database) { + $sql = "UPDATE $TBL_TRACK_E_LAST_ACCESS SET access_session_id = '$new_session_id' WHERE access_id = $id"; + if ($debug) echo $sql; + $res = Database::query($sql); + if ($debug) var_dump($res); + $result_message[$TBL_TRACK_E_LAST_ACCESS]++; + } + } + //5. 
lp_item_view - //CHECK ORIGIN - + //CHECK ORIGIN + $sql = "SELECT * FROM $TBL_LP_VIEW WHERE user_id = $user_id AND session_id = $origin_session_id AND c_id = $course_id "; $res = Database::query($sql); - - //Getting the list of LPs in the new session + + //Getting the list of LPs in the new session $lp_list = new LearnpathList($user_id, $origin_course_code, $new_session_id); $flat_list = $lp_list->get_flat_list(); - - $list = array(); + + $list = array(); while($row = Database::fetch_array($res,'ASSOC')) { - //Checking if the LP exist in the new session - if (in_array($row['lp_id'], array_keys($flat_list))) { + //Checking if the LP exist in the new session + if (in_array($row['lp_id'], array_keys($flat_list))) { $list[$row['id']] = $row; - } + } } - + if (!empty($list)) - foreach ($list as $id=>$data) { - if ($update_database) { - $sql = "UPDATE $TBL_LP_VIEW SET session_id = '$new_session_id' WHERE c_id = $course_id AND id = $id "; - if ($debug) var_dump($sql); - $res = Database::query($sql); - if ($debug) var_dump($res); - $result_message[$TBL_LP_VIEW]++; - } else { - //Getting all information of that lp_item_id - $score = Tracking::get_avg_student_score($user_id, $origin_course_code, array($data['lp_id']),$origin_session_id); - $progress = Tracking::get_avg_student_progress($user_id, $origin_course_code, array($data['lp_id']),$origin_session_id); - $result_message['LP_VIEW'][$data['lp_id']] = array('score' => $score, 'progress' =>$progress); - } - } - - + foreach ($list as $id=>$data) { + if ($update_database) { + $sql = "UPDATE $TBL_LP_VIEW SET session_id = '$new_session_id' WHERE c_id = $course_id AND id = $id "; + if ($debug) var_dump($sql); + $res = Database::query($sql); + if ($debug) var_dump($res); + $result_message[$TBL_LP_VIEW]++; + } else { + //Getting all information of that lp_item_id + $score = Tracking::get_avg_student_score($user_id, $origin_course_code, array($data['lp_id']),$origin_session_id); + $progress = 
Tracking::get_avg_student_progress($user_id, $origin_course_code, array($data['lp_id']),$origin_session_id); + $result_message['LP_VIEW'][$data['lp_id']] = array('score' => $score, 'progress' =>$progress); + } + } + + //CHECk DESTINY if (!$update_database) { - $sql = "SELECT * FROM $TBL_LP_VIEW WHERE user_id = $user_id AND session_id = $new_session_id AND c_id = $course_id"; - $res = Database::query($sql); - - //Getting the list of LPs in the new session - $lp_list = new LearnpathList($user_id, $origin_course_code, $new_session_id); - $flat_list = $lp_list->get_flat_list(); - - $list = array(); - while($row = Database::fetch_array($res,'ASSOC')) { - //Checking if the LP exist in the new session - if (in_array($row['lp_id'], array_keys($flat_list))) { - $list[$row['id']] = $row; - } - } - if (!empty($list)) - foreach ($list as $id=>$data) { - //Getting all information of that lp_item_id - $score = Tracking::get_avg_student_score($user_id, $origin_course_code, array($data['lp_id']), $new_session_id); - $progress = Tracking::get_avg_student_progress($user_id, $origin_course_code, array($data['lp_id']), $new_session_id); - $result_message_compare['LP_VIEW'][$data['lp_id']] = array('score' => $score, 'progress' =>$progress); + $sql = "SELECT * FROM $TBL_LP_VIEW WHERE user_id = $user_id AND session_id = $new_session_id AND c_id = $course_id"; + $res = Database::query($sql); + + //Getting the list of LPs in the new session + $lp_list = new LearnpathList($user_id, $origin_course_code, $new_session_id); + $flat_list = $lp_list->get_flat_list(); + + $list = array(); + while($row = Database::fetch_array($res,'ASSOC')) { + //Checking if the LP exist in the new session + if (in_array($row['lp_id'], array_keys($flat_list))) { + $list[$row['id']] = $row; + } + } + if (!empty($list)) + foreach ($list as $id=>$data) { + //Getting all information of that lp_item_id + $score = Tracking::get_avg_student_score($user_id, $origin_course_code, array($data['lp_id']), $new_session_id); + 
$progress = Tracking::get_avg_student_progress($user_id, $origin_course_code, array($data['lp_id']), $new_session_id); + $result_message_compare['LP_VIEW'][$data['lp_id']] = array('score' => $score, 'progress' =>$progress); } } - - + + //6. Agenda - + //calendar_event_attachment no problems no session_id $sql = "SELECT ref FROM $TBL_ITEM_PROPERTY WHERE tool = 'calendar_event' AND insert_user_id = $user_id AND c_id = $course_id "; $res = Database::query($sql); while($row = Database::fetch_array($res,'ASSOC')) { - $id = $row['ref']; - if ($update_database) { + $id = $row['ref']; + if ($update_database) { $sql = "UPDATE $TBL_AGENDA SET session_id = '$new_session_id' WHERE c_id = $course_id AND id = $id "; - if ($debug) var_dump($sql); + if ($debug) var_dump($sql); $res_update = Database::query($sql); - if ($debug) var_dump($res_update); + if ($debug) var_dump($res_update); $result_message['agenda']++; - } - } - + } + } + //7. Forum ?? So much problems when trying to import data - + //8. Student publication - Works - + //echo '

    Student publication

    '; - + $sql = "SELECT ref FROM $TBL_ITEM_PROPERTY WHERE tool = 'work' AND insert_user_id = $user_id AND c_id = $course_id"; if ($debug) echo $sql; $res = Database::query($sql); while($row = Database::fetch_array($res,'ASSOC')) { $id = $row['ref']; $sql = "SELECT * FROM $TBL_STUDENT_PUBLICATION WHERE id = $id AND session_id = $origin_session_id AND c_id = $course_id"; - if ($debug) var_dump($sql); + if ($debug) var_dump($sql); $sub_res = Database::query($sql); if (Database::num_rows($sub_res) > 0 ) { - $data = Database::fetch_array($sub_res,'ASSOC'); - if ($debug) var_dump($data); + $data = Database::fetch_array($sub_res,'ASSOC'); + if ($debug) var_dump($data); $parent_id = $data['parent_id']; if (isset($data['parent_id']) && !empty($data['parent_id'])) { $sql = "SELECT * FROM $TBL_STUDENT_PUBLICATION WHERE id = $parent_id AND c_id = $course_id"; $select_res = Database::query($sql); $parent_data = Database::fetch_array($select_res,'ASSOC'); if ($debug) var_dump($parent_data); - + $sys_course_path = api_get_path(SYS_COURSE_PATH); $course_dir = $sys_course_path . $course_info['path']; $base_work_dir = $course_dir . 
'/work'; - require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php'; - - //Creating the parent folder in the session if does not exists already - + require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php'; + + //Creating the parent folder in the session if does not exists already + //@todo ugly fix $search_this = "folder_moved_from_session_id_$origin_session_id"; $search_this2 = $parent_data['url']; - $sql = "SELECT * FROM $TBL_STUDENT_PUBLICATION - WHERE description like '%$search_this%' AND url LIKE '%$search_this2%' AND session_id = $new_session_id AND c_id = $course_id + $sql = "SELECT * FROM $TBL_STUDENT_PUBLICATION + WHERE description like '%$search_this%' AND url LIKE '%$search_this2%' AND session_id = $new_session_id AND c_id = $course_id ORDER BY id desc LIMIT 1"; if ($debug) echo $sql; $sub_res = Database::query($sql); $num_rows = Database::num_rows($sub_res); - - if ($num_rows > 0 ) { + + if ($num_rows > 0 ) { $new_result = Database::fetch_array($sub_res,'ASSOC'); $created_dir = $new_result['url']; - $new_parent_id = $new_result['id']; - } else { - + $new_parent_id = $new_result['id']; + } else { + if ($update_database) { - - $dir_name = substr($parent_data['url'], 1); - $created_dir = create_unexisting_work_directory($base_work_dir, $dir_name); - $created_dir = '/'.$created_dir; - $now = api_get_utc_datetime(); - //Creating directory - $sql_add_publication = "INSERT INTO " . $TBL_STUDENT_PUBLICATION . " SET " . - "url = '".$created_dir."', + + $dir_name = substr($parent_data['url'], 1); + $created_dir = create_unexisting_work_directory($base_work_dir, $dir_name); + $created_dir = '/'.$created_dir; + $now = api_get_utc_datetime(); + //Creating directory + $sql_add_publication = "INSERT INTO " . $TBL_STUDENT_PUBLICATION . " SET " . + "url = '".$created_dir."', c_id = '".$course_id."', title = '".$parent_data['title']."', description = '".$parent_data['description']." 
folder_moved_from_session_id_$origin_session_id ', author = '', active = '0', accepted = '1', - filetype = 'folder', + filetype = 'folder', sent_date = '".$now."', qualification = '".$parent_data['qualification'] ."', parent_id = '', qualificator_id = '', date_of_qualification = '0000-00-00 00:00:00', - session_id = ".$new_session_id; - $rest_insert = Database::query($sql_add_publication); - if ($debug) echo ($sql_add_publication); - // add the directory - $id = Database::insert_id(); - //Folder created - api_item_property_update($course_info, 'work', $id, 'DirectoryCreated', api_get_user_id()); - if ($debug) var_dump($rest_insert); - $new_parent_id = $id; - $result_message[$TBL_STUDENT_PUBLICATION.' - new folder created called: '.$created_dir]++; - } - } - + session_id = ".$new_session_id; + $rest_insert = Database::query($sql_add_publication); + if ($debug) echo ($sql_add_publication); + // add the directory + $id = Database::insert_id(); + //Folder created + api_item_property_update($course_info, 'work', $id, 'DirectoryCreated', api_get_user_id()); + if ($debug) var_dump($rest_insert); + $new_parent_id = $id; + $result_message[$TBL_STUDENT_PUBLICATION.' - new folder created called: '.$created_dir]++; + } + } + //Creating student_publication_assignment if exists $sql = "SELECT * FROM $TBL_STUDENT_PUBLICATION_ASSIGNMENT WHERE publication_id = $parent_id AND c_id = $course_id"; if ($debug) var_dump($sql); 
@@ -399,37 +394,37 @@ if (isset($_REQUEST['load_ajax'])) { if (Database::num_rows($rest_select) > 0 ) { if ($update_database) { $assignment_data = Database::fetch_array($rest_select,'ASSOC'); - $sql_add_publication = "INSERT INTO " . $TBL_STUDENT_PUBLICATION_ASSIGNMENT . " SET - c_id = '$course_id', + $sql_add_publication = "INSERT INTO " . $TBL_STUDENT_PUBLICATION_ASSIGNMENT . " SET + c_id = '$course_id', expires_on = '".$assignment_data['expires_on']."', ends_on = '".$assignment_data['ends_on']."', add_to_calendar = '".$assignment_data['add_to_calendar']."', enable_qualification = '".$assignment_data['enable_qualification']."', publication_id = '".$new_parent_id."'"; - if ($debug) echo $sql_add_publication; + if ($debug) echo $sql_add_publication; $rest_select = Database::query($sql_add_publication); $id = Database::insert_id(); - - $sql_update = "UPDATE " . $TBL_STUDENT_PUBLICATION . " SET " . - "has_properties = '".$id."', + + $sql_update = "UPDATE " . $TBL_STUDENT_PUBLICATION . " SET " . + "has_properties = '".$id."', view_properties = '1' WHERE id = ".$new_parent_id; - if ($debug) echo $sql_update; - $rest_update = Database::query($sql_update); - - + if ($debug) echo $sql_update; + $rest_update = Database::query($sql_update); + + if ($debug) var_dump($sql_update); - $result_message[$TBL_STUDENT_PUBLICATION_ASSIGNMENT]++; - } - } - + $result_message[$TBL_STUDENT_PUBLICATION_ASSIGNMENT]++; + } + } + $doc_url = $data['url']; - $new_url = str_replace($parent_data['url'], $created_dir, $doc_url); - - if ($update_database) { - //Creating a new work + $new_url = str_replace($parent_data['url'], $created_dir, $doc_url); + + if ($update_database) { + //Creating a new work $sql_add_publication = "INSERT INTO " . $TBL_STUDENT_PUBLICATION . " SET " . - "url = '" . $new_url . "', + "url = '" . $new_url . "', c_id = '".$course_id."', title = '" . $data['title']. "', description = '" . $data['description'] . " file moved', 
@@ -440,113 +435,113 @@ if (isset($_REQUEST['load_ajax'])) { sent_date = '".$data['sent_date'] ."', parent_id = '".$new_parent_id ."' , session_id = ".$new_session_id; - - if ($debug) echo $sql_add_publication; - $rest_insert = Database::query($sql_add_publication); + + if ($debug) echo $sql_add_publication; + $rest_insert = Database::query($sql_add_publication); if ($debug) var_dump($rest_insert); $id = Database::insert_id(); api_item_property_update($course_info, 'work', $id, 'DocumentAdded', $user_id); - $result_message[$TBL_STUDENT_PUBLICATION]++; - - $full_file_name = $course_dir.'/'.$doc_url; + $result_message[$TBL_STUDENT_PUBLICATION]++; + + $full_file_name = $course_dir.'/'.$doc_url; $new_file = $course_dir.'/'.$new_url; - + if (file_exists($full_file_name)) { //deleting old assignment - $result = copy($full_file_name, $new_file); + $result = copy($full_file_name, $new_file); if ($result) { - unlink($full_file_name); + unlink($full_file_name); $sql = "DELETE FROM $TBL_STUDENT_PUBLICATION WHERE id= ".$data['id']; if ($debug) var_dump($sql); - $result_delete = Database::query($sql); + $result_delete = Database::query($sql); api_item_property_update($course_info, 'work', $data['id'], 'DocumentDeleted', api_get_user_id()); } } } } - - } - } - - //9. Survey Pending - + + } + } + + //9. Survey Pending + //10. 
Dropbox - not neccesary to move categories (no presence of session_id) - + $sql = "SELECT id FROM $TBL_DROPBOX_FILE WHERE uploader_id = $user_id AND session_id = $origin_session_id AND c_id = $course_id"; - if ($debug) var_dump($sql); + if ($debug) var_dump($sql); $res = Database::query($sql); while($row = Database::fetch_array($res,'ASSOC')) { $id = $row['id']; if ($update_database) { $sql = "UPDATE $TBL_DROPBOX_FILE SET session_id = '$new_session_id' WHERE c_id = $course_id AND id = $id"; - if ($debug) var_dump($sql); - $res = Database::query($sql); + if ($debug) var_dump($sql); + $res = Database::query($sql); if ($debug) var_dump($res); - + $sql = "UPDATE $TBL_DROPBOX_POST SET session_id = '$new_session_id' WHERE file_id = $id"; - if ($debug) - var_dump($sql); + if ($debug) + var_dump($sql); $res = Database::query($sql); - if ($debug) - var_dump($res); + if ($debug) + var_dump($res); $result_message[$TBL_DROPBOX_FILE]++; - } - } - + } + } + //11. Notebook - - $sql = "SELECT notebook_id FROM $TBL_NOTEBOOK + + $sql = "SELECT notebook_id FROM $TBL_NOTEBOOK WHERE user_id = $user_id AND session_id = $origin_session_id AND course = '$origin_course_code' AND c_id = $course_id"; - if ($debug) var_dump($sql); + if ($debug) var_dump($sql); $res = Database::query($sql); while($row = Database::fetch_array($res,'ASSOC')) { - $id = $row['notebook_id']; - if ($update_database) { - $sql = "UPDATE $TBL_NOTEBOOK SET session_id = '$new_session_id' WHERE c_id = $course_id AND notebook_id = $id"; - if ($debug) var_dump($sql); + $id = $row['notebook_id']; + if ($update_database) { + $sql = "UPDATE $TBL_NOTEBOOK SET session_id = '$new_session_id' WHERE c_id = $course_id AND notebook_id = $id"; + if ($debug) var_dump($sql); $res = Database::query($sql); - if ($debug) var_dump($res); - } + if ($debug) var_dump($res); + } } - + if ($update_database) { echo '

    '.get_lang('StatsMoved').'

    '; - if (is_array($result_message)) + if (is_array($result_message)) foreach ($result_message as $table=>$times) { echo 'Table '.$table.' - '.$times.' records updated
    '; - } - } else { - echo '

    '.get_lang('UserInformationOfThisCourse').'

    '; - - echo '
    '; - echo ''; - echo ''; - echo ''; - echo ''; - echo ''; - echo '
    '; - - if ($origin_session_id == 0 ) { - echo '

    '.get_lang('OriginCourse').'

    '; - } else { - echo '

    '.get_lang('OriginSession').' #'.$origin_session_id.'

    '; } - compare_data($result_message); - echo '
    '; - if ($new_session_id == 0 ) { - echo '

    '.get_lang('DestinyCourse').'

    '; - } else { - echo '

    '.get_lang('DestinySession').' #'.$new_session_id.'

    '; - } - compare_data($result_message_compare); - echo '
    '; + } else { + echo '

    '.get_lang('UserInformationOfThisCourse').'

    '; + + echo '
    '; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo '
    '; + + if ($origin_session_id == 0 ) { + echo '

    '.get_lang('OriginCourse').'

    '; + } else { + echo '

    '.get_lang('OriginSession').' #'.$origin_session_id.'

    '; + } + compare_data($result_message); + echo '
    '; + if ($new_session_id == 0 ) { + echo '

    '.get_lang('DestinyCourse').'

    '; + } else { + echo '

    '.get_lang('DestinySession').' #'.$new_session_id.'

    '; + } + compare_data($result_message_compare); + echo '
    '; } } else { - echo get_lang('CourseDoesNotExistInThisSession'); + echo get_lang('CourseDoesNotExistInThisSession'); } } } else { - echo get_lang('ThereWasAnError'); + echo get_lang('ThereWasAnError'); } exit; } @@ -564,7 +559,7 @@ $htmlHeadXtra[] = ''; function get_courses_list_by_user_id_based_in_exercises($user_id) { $TABLETRACK_EXERCICES = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); $user_id = intval($user_id); - //$sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id GROUP BY exe_user_id, exe_cours_id ORDER by exe_user_id, exe_cours_id ASC"; + //$sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id GROUP BY exe_user_id, exe_cours_id ORDER by exe_user_id, exe_cours_id ASC"; $sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id ORDER by exe_user_id, exe_cours_id ASC"; - + $res = Database::query($sql); $course_list = array(); while($row = Database::fetch_array($res,'ASSOC')) { - $course_list []= $row; + $course_list []= $row; } - return $course_list; + return $course_list; } @@ -624,13 +619,13 @@ $navigation = "$begin - $end / $count
    "; if ($page > 1) { $navigation .=''.get_lang('Previous').''; } else { - $navigation .= get_lang('Previous'); + $navigation .= get_lang('Previous'); } $navigation .= ' '; $page ++; if ($page < $nro_pages) $navigation .= ''.get_lang('Next').''; -else +else $navigation .= get_lang('Next'); echo $navigation; @@ -639,7 +634,7 @@ $session_list = SessionManager::get_sessions_list(array(),array('name')); $options = ''; $options .= ''; foreach ($session_list as $session_data) { - $my_session_list[$session_data['id']] =$session_data['name']; + $my_session_list[$session_data['id']] =$session_data['name']; $options .= ''; } 
@@ -647,87 +642,94 @@ $combinations = array(); if (!empty($user_list)) { foreach ($user_list as $user) { - $user_id = $user['user_id']; - //if ($user_id != 78 ) continue; $name = $user['firstname'].' '.$user['lastname']; - $course_list_registered = CourseManager::get_courses_list_by_user_id($user_id, true, false); - + $course_list_registered = CourseManager::get_courses_list_by_user_id( + $user_id, + true, + false + ); + $new_course_list = array(); foreach ($course_list_registered as $course_reg) { if (empty($course_reg['id_session'])) { - $course_reg['id_session'] = 0; + $course_reg['id_session'] = 0; } - $new_course_list[] = $course_reg['code'].'_'.$course_reg['id_session']; + $new_course_list[] = $course_reg['code'].'_'.$course_reg['id_session']; } - + $course_list = get_courses_list_by_user_id_based_in_exercises($user_id); - + if (is_array($course_list) && !empty($course_list)) { foreach ($course_list as $my_course) { $key = $my_course['code'].'_'.$my_course['id_session']; - if(!in_array($key,$new_course_list)) { + + if (!in_array($key, $new_course_list)) { $my_course['not_registered'] = 1; - $course_list_registered[] = $my_course; - } + $course_list_registered[] = $my_course; + } } } + foreach ($course_list_registered as & $course) { + $courseInfo = api_get_course_info($course['code']); + $course['name'] = $courseInfo['name']; + } + $course_list = $course_list_registered; - - echo '
    '; + + echo '
    '; echo ''; - echo ''; - echo ''; - echo ''; - + echo ''; + echo ''; + echo ''; + if (!empty($course_list)) { - echo ''; - - foreach ($course_list as $course) { + echo ''; + foreach ($course_list as $course) { echo ''; + echo ''; } echo ''; echo ''; - + foreach ($course_list as $course) { $course_code = $course['code']; if (empty($course['id_session'])) { - $session_id = 0; + $session_id = 0; } else { - $session_id = $course['id_session']; + $session_id = $course['id_session']; } echo ''; } echo ''; } else { echo ''; - + } echo '
    '; - echo "

    $name #$user_id

    "; - echo '
    '; + echo "

    $name #$user_id

    "; + echo '
    '; if (isset($course['id_session']) && !empty($course['id_session'])) { - echo ''.get_lang('SessionName').' '.$my_session_list[$course['id_session']].'
    '; + echo ''.get_lang('SessionName').' '.$my_session_list[$course['id_session']].'
    '; } - echo $course['title']; + echo $course['name']; echo ' ('.$course['code'].') '; if (isset($course['not_registered']) && !empty($course['not_registered'])) { - echo ' '.get_lang('UserNotRegistered').''; + echo ' '.get_lang('UserNotRegistered').''; } - echo '
    '; echo get_lang('MoveTo'); echo '
    '; $unique_id = uniqid(); $combinations[$unique_id] = array('course_code' =>$course_code, 'session_id'=>$session_id); - + echo ''; - echo '
    '; - echo ''; - echo ''; - echo '
    '; + echo '
    '; + echo ''; + echo ''; + echo '
    '; echo '
    '; - echo get_lang('NoCoursesForThisUser'); + echo get_lang('NoCoursesForThisUser'); echo '
    '; echo '
    '; @@ -735,5 +737,3 @@ if (!empty($user_list)) { } echo $navigation; $_SESSION['combination'] = $combinations; - - diff --git a/main/announcements/announcements.inc.php b/main/announcements/announcements.inc.php index 9abc9a1fc2..d20f58851e 100755 --- a/main/announcements/announcements.inc.php +++ b/main/announcements/announcements.inc.php @@ -566,10 +566,10 @@ class AnnouncementManager if ($insert_id != strval(intval($insert_id))) { return false; } - $insert_id = Database::escape_string($insert_id); + $insert_id = intval($insert_id); $course_id = api_get_course_int_id(); // store the modifications in the table tbl_annoucement - $sql = "UPDATE $tbl_announcement SET email_sent='1' WHERE c_id = $course_id AND id='$insert_id'"; + $sql = "UPDATE $tbl_announcement SET email_sent='1' WHERE c_id = $course_id AND id = $insert_id"; Database::query($sql); } @@ -793,7 +793,7 @@ class AnnouncementManager // adding the individual users to the select form foreach ($ref_array_users as $this_user) { if (!is_array($to_already_selected) || !in_array("USER:" . $this_user['user_id'], $to_already_selected)) { // $to_already_selected is the array containing the users (and groups) that are already selected - echo ""; } @@ -873,10 +873,10 @@ class AnnouncementManager { $tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY); $tool = Database::escape_string($tool); - $id = Database::escape_string($id); + $id = intval($id); $course_id = api_get_course_int_id(); - $sql = "SELECT * FROM $tbl_item_property WHERE c_id = $course_id AND tool='$tool' AND ref='$id'"; + $sql = "SELECT * FROM $tbl_item_property WHERE c_id = $course_id AND tool='$tool' AND ref = $id"; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { $to_group = $row['to_group_id']; diff --git a/main/attendance/attendance_controller.php b/main/attendance/attendance_controller.php index 6e3479e67f..0e111238e7 100755 --- a/main/attendance/attendance_controller.php 
+++ b/main/attendance/attendance_controller.php 
@@ -544,33 +544,55 @@ class AttendanceController } /** - * Gets attendace base in the table: + * Gets attendance base in the table: * TABLE_STATISTIC_TRACK_E_COURSE_ACCESS + * @param bool $showForm * @throws ViewException */ - public function calendarLogins() + public function getAttendanceBaseInLogin($showForm = false, $exportToPdf = true) { - $form = new FormValidator( - 'search', - 'post', - api_get_self().'?'.api_get_cidreq().'&action=calendar_logins' - ); - $form->addDateRangePicker('range', get_lang('Range')); - $form->add_button('submit', get_lang('submit')); $table = null; + $formToDisplay = null; + $startDate = null; + $endDate = null; + + $sessionId = api_get_session_id(); + if ($showForm) { + $form = new FormValidator( + 'search', + 'post', + api_get_self() . '?' . api_get_cidreq( + ) . '&action=calendar_logins' + ); + $form->addDateRangePicker('range', get_lang('Range')); + $form->add_button('submit', get_lang('submit')); + + if ($form->validate()) { + $values = $form->getSubmitValues(); + + $startDate = api_get_utc_datetime($values['range_start']); + $endDate = api_get_utc_datetime($values['range_end']); + } + $formToDisplay = $form->return_form(); + } else { + if (!empty($sessionId)) { + $sessionInfo = api_get_session_info($sessionId); + $startDate = $sessionInfo['date_start']; + $endDate = $sessionInfo['date_end']; + } + } - if ($form->validate()) { - $values = $form->getSubmitValues(); - - $startDate = api_get_utc_datetime($values['range_start']); - $endDate = api_get_utc_datetime($values['range_end']); + $attendance = new Attendance(); - $attendance = new Attendance(); - $table = $attendance->getAttendanceLogins($startDate, $endDate); + if ($exportToPdf) { + $result = $attendance->exportAttendanceLogin($startDate, $endDate); + if (empty($result)) { + api_not_allowed(true, get_lang('NoDataAvailable')); + } } - + $table = $attendance->getAttendanceLoginTable($startDate, $endDate); $data = array( - 'form' => $form->return_form(), + 'form' => 
$formToDisplay, 'table' => $table ); $this->view->set_data($data); diff --git a/main/attendance/attendance_list.php b/main/attendance/attendance_list.php index 772b548abe..cc3d4ebd69 100755 --- a/main/attendance/attendance_list.php +++ b/main/attendance/attendance_list.php @@ -19,8 +19,8 @@ if (api_is_allowed_to_edit(null, true)) { echo ''. Display::return_icon('new_attendance_list.png',get_lang('CreateANewAttendance'),'',ICON_SIZE_MEDIUM).''; - echo ''. - Display::return_icon('attendance_list.png',get_lang('Logins'),'',ICON_SIZE_MEDIUM).''; + /*echo ''. + Display::return_icon('attendance_list.png',get_lang('Logins'),'',ICON_SIZE_MEDIUM).'';*/ echo '
    '; } diff --git a/main/attendance/index.php b/main/attendance/index.php index 94f2b69917..f46c439d17 100755 --- a/main/attendance/index.php +++ b/main/attendance/index.php @@ -92,7 +92,7 @@ if (isset($_GET['calendar_id'])) { $attendance = new Attendance(); // attendance controller object -$attendance_controller = new AttendanceController(); +$attendanceController = new AttendanceController(); $attendance_data = array(); // get attendance data if (!empty($attendance_id)) { 
@@ -235,53 +235,53 @@ if ($action == 'calendar_add') { // delete selected attendance if (isset($_POST['action']) && $_POST['action'] == 'attendance_delete_select') { - $attendance_controller->attendance_delete($_POST['id']); + $attendanceController->attendance_delete($_POST['id']); } // distpacher actions to controller switch ($action) { case 'attendance_list': - $attendance_controller->attendance_list(); + $attendanceController->attendance_list(); break; case 'attendance_add': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_add(); + $attendanceController->attendance_add(); } else { api_not_allowed(); } break; case 'attendance_edit' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_edit($attendance_id); + $attendanceController->attendance_edit($attendance_id); } else { api_not_allowed(); } break; case 'attendance_delete' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_delete($attendance_id); + $attendanceController->attendance_delete($attendance_id); } else { api_not_allowed(); } break; case 'attendance_restore': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_restore($attendance_id); + $attendanceController->attendance_restore($attendance_id); } else { api_not_allowed(); } break; case 'attendance_sheet_list': - $attendance_controller->attendance_sheet($action, $attendance_id, $student_id, true); + $attendanceController->attendance_sheet($action, $attendance_id, $student_id, true); break; case 'attendance_sheet_list_no_edit': - $attendance_controller->attendance_sheet($action, $attendance_id, $student_id, false); + $attendanceController->attendance_sheet($action, $attendance_id, $student_id, false); break; case 'attendance_sheet_export_to_pdf': - $attendance_controller->attendance_sheet_export_to_pdf($action, $attendance_id, $student_id, $course_id); + $attendanceController->attendance_sheet_export_to_pdf($action, $attendance_id, 
$student_id, $course_id); break; case 'attendance_sheet_add' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_sheet($action, $attendance_id); + $attendanceController->attendance_sheet($action, $attendance_id); } else { api_not_allowed(); } @@ -289,7 +289,7 @@ switch ($action) { case 'lock_attendance' : case 'unlock_attendance' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->lock_attendance($action, $attendance_id); + $attendanceController->lock_attendance($action, $attendance_id); } else { api_not_allowed(); } @@ -302,13 +302,13 @@ switch ($action) { api_not_allowed(); } case 'calendar_list' : - $attendance_controller->attendance_calendar($action, $attendance_id, $calendar_id); + $attendanceController->attendance_calendar($action, $attendance_id, $calendar_id); break; case 'calendar_logins': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->calendarLogins(); + $attendanceController->getAttendanceBaseInLogin(false, true); } break; default : - $attendance_controller->attendance_list(); + $attendanceController->attendance_list(); } diff --git a/main/auth/courses.php b/main/auth/courses.php index 2051c4faf2..3c1333b6bd 100755 --- a/main/auth/courses.php +++ b/main/auth/courses.php @@ -1,13 +1,13 @@ - Beeznest * @package chamilo.auth */ -/** - * Code - */ + // Names of the language file that needs to be included. $language_file = array ('courses', 'registration'); @@ -17,7 +17,7 @@ $cidReset = true; // Flag forcing the 'current course' reset // including files require_once '../inc/global.inc.php'; -$ctok = $_SESSION['sec_token']; +$ctok = Security::get_existing_token(); require_once api_get_path(LIBRARY_PATH).'auth.lib.php'; require_once api_get_path(LIBRARY_PATH).'app_view.php'; diff --git a/main/auth/courses_controller.php b/main/auth/courses_controller.php index 5b20ea0ab8..536012fe0e 100755 --- a/main/auth/courses_controller.php +++ b/main/auth/courses_controller.php 
@@ -1,11 +1,12 @@ - BeezNest * @package chamilo.auth - * - * Class CoursesController */ class CoursesController { @@ -47,15 +48,14 @@ class CoursesController $this->view->set_layout('layout'); $this->view->set_template('courses_list'); $this->view->render(); - } /** * It's used for listing categories, * render to categories_list view - * @param string action - * @param string confirmation message(optional) - * @param string error message(optional) + * @param string $action + * @param string $message confirmation message(optional) + * @param string $error error message(optional) */ public function categories_list($action, $message='', $error='') { @@ -132,9 +132,9 @@ class CoursesController $data['message'] = $message; $data['content'] = $content; $data['error'] = $error; - + $data['catalogShowCoursesSessions'] = 0; - + if (isset($_configuration['catalog_show_courses_sessions'])) { $data['catalogShowCoursesSessions'] = $_configuration['catalog_show_courses_sessions']; } @@ -178,10 +178,10 @@ class CoursesController } $data['user_coursecodes'] = $user_coursecodes; - $data['message'] = $message; - $data['content'] = $content; - $data['error'] = $error; - $data['action'] = 'display_courses'; + $data['message'] = $message; + $data['content'] = $content; + $data['error'] = $error; + $data['action'] = 'display_courses'; // render to the view $this->view->set_data($data); @@ -493,7 +493,7 @@ class CoursesController $url = api_get_path(WEB_PATH) . "main/inc/email_editor.php?action=subscribe_me_to_session&session=$sessionName"; return Display::url(get_lang('Subscribe'), $url, array( - 'class' => 'btn btn-large btn-primary', + 'class' => 'btn btn-large btn-primary', )); } diff --git a/main/auth/inscription.php b/main/auth/inscription.php index 54b6e1c5fa..b72888cdee 100755 --- a/main/auth/inscription.php +++ b/main/auth/inscription.php 
@@ -482,7 +482,7 @@ if ($form->validate()) { } if ($store_extended) { $sql .= implode(',', $sql_set); - $sql .= " WHERE user_id = '".Database::escape_string($user_id)."'"; + $sql .= " WHERE user_id = ".intval($user_id).""; Database::query($sql); } diff --git a/main/blog/blog.php b/main/blog/blog.php index 78479740c6..50ba373592 100755 --- a/main/blog/blog.php +++ b/main/blog/blog.php @@ -136,7 +136,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'manage_tasks') { } if (isset($_GET['do']) && $_GET['do'] == 'delete_assignment') { - Blog :: delete_assigned_task($blog_id, Database::escape_string((int)$_GET['task_id']), Database::escape_string((int)$_GET['user_id'])); + Blog :: delete_assigned_task($blog_id, intval($_GET['task_id']), intval($_GET['user_id'])); $return_message = array('type' => 'confirmation', 'message' => get_lang('TaskAssignmentDeleted')); } @@ -363,7 +363,7 @@ switch ($current_page) { } break; case 'view_post' : - Blog :: display_post($blog_id, Database::escape_string((int)$_GET['post_id'])); + Blog :: display_post($blog_id, intval($_GET['post_id'])); break; case 'edit_post' : $task_id = (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) ? $_GET['task_id'] : 0; @@ -377,7 +377,7 @@ switch ($current_page) { if ($_POST) { Display::display_error_message(get_lang('FormHasErrorsPleaseComplete')); } - Blog :: display_form_edit_post($blog_id, Database::escape_string((int)$_GET['post_id'])); + Blog :: display_form_edit_post($blog_id, intval($_GET['post_id'])); } else { if (isset ($_GET['filter']) && !empty ($_GET['filter'])) { Blog :: display_day_results($blog_id, Database::escape_string($_GET['filter'])); 
@@ -415,11 +415,11 @@ switch ($current_page) { } if (isset($_GET['do']) && $_GET['do'] == 'edit') { - Blog :: display_edit_task_form($blog_id, Database::escape_string($_GET['task_id'])); + Blog :: display_edit_task_form($blog_id, intval($_GET['task_id'])); } if (isset($_GET['do']) && $_GET['do'] == 'edit_assignment') { - Blog :: display_edit_assigned_task_form($blog_id, Database::escape_string((int)$_GET['task_id']), Database::escape_string((int)$_GET['user_id'])); + Blog :: display_edit_assigned_task_form($blog_id, intval($_GET['task_id']), intval($_GET['user_id'])); } Blog :: display_task_list($blog_id); echo '

    '; @@ -432,9 +432,9 @@ switch ($current_page) { break; case 'execute_task' : if (isset ($_GET['post_id'])) - Blog :: display_post($blog_id, Database::escape_string((int)$_GET['post_id'])); + Blog :: display_post($blog_id, intval($_GET['post_id'])); else - Blog :: display_select_task_post($blog_id, Database::escape_string((int)$_GET['task_id'])); + Blog :: display_select_task_post($blog_id, intval($_GET['task_id'])); break; case 'view_search_result' : diff --git a/main/blog/blog_admin.php b/main/blog/blog_admin.php index 3f62731f81..eff372674c 100755 --- a/main/blog/blog_admin.php +++ b/main/blog/blog_admin.php @@ -75,11 +75,11 @@ if (api_is_allowed_to_edit()) { } } if (isset($_GET['action']) && $_GET['action'] == 'visibility') { - Blog::change_blog_visibility(Database::escape_string((int)$_GET['blog_id'])); + Blog::change_blog_visibility(intval($_GET['blog_id'])); Display::display_confirmation_message(get_lang('VisibilityChanged')); } if (isset($_GET['action']) && $_GET['action'] == 'delete') { - Blog::delete_blog(Database::escape_string((int)$_GET['blog_id'])); + Blog::delete_blog(intval($_GET['blog_id'])); Display::display_confirmation_message(get_lang('BlogDeleted')); } @@ -115,7 +115,7 @@ if (api_is_allowed_to_edit()) { if ($_POST) { Display::display_error_message(get_lang('FormHasErrorsPleaseComplete')); } - Blog::display_edit_blog_form(Database::escape_string((int)$_GET['blog_id'])); + Blog::display_edit_blog_form(intval($_GET['blog_id'])); } } Blog::display_blog_list(); diff --git a/main/calendar/agenda.inc.php b/main/calendar/agenda.inc.php index 04fc03d7ee..2ce7ed6fca 100755 --- a/main/calendar/agenda.inc.php +++ b/main/calendar/agenda.inc.php @@ -166,8 +166,7 @@ function get_calendar_items($select_month, $select_year, $select_day = false) AND ip.tool='".TOOL_CALENDAR_EVENT."' AND ip.visibility='1' $session_condition - GROUP BY ip.ref - ORDER $sort_item $sort"; + GROUP BY ip.ref"; } // A.3.b you are a course admin or a student else { 
@@ -1139,7 +1138,7 @@ function store_agenda_item_as_announcement($item_id) } //get the agenda item - $item_id = Database::escape_string($item_id); + $item_id = intval($item_id); $sql = "SELECT * FROM $table_agenda WHERE id = ".$item_id; $res = Database::query($sql); $course_id = api_get_course_int_id(); @@ -1244,9 +1243,9 @@ function sent_to($tool, $id) { $TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); $tool = Database::escape_string($tool); - $id = Database::escape_string($id); + $id = intval($id); - $sql = "SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".$tool."' AND ref='".$id."'"; + $sql = "SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".$tool."' AND ref= ".$id.""; $result = Database::query($sql); while ($row = Database::fetch_array($result)) { // if to_group_id is null then it is sent to a specific user @@ -1310,7 +1309,7 @@ function sent_to_form($sent_to_array) if (isset($sent_to_array['users'])) { if (is_array($sent_to_array['users'])) { foreach ($sent_to_array['users'] as $user_id) { - // @todo add username as tooltip - is this fucntion still used ? + // @todo add username as tooltip - is this function still used ? // $user_info= api_get_user_info($user_id); // $username = api_htmlentities(sprintf(get_lang('LoginX'), $user_info['username']), ENT_QUOTES); $output[] = api_get_person_name($user_info['firstName'], $user_info['lastName']); @@ -1443,12 +1442,12 @@ function show_user_group_filter_form() function load_edit_users($tool, $id) { $tool = Database::escape_string($tool); - $id = Database::escape_string($id); + $id = intval($id); $TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); $course_id = api_get_course_int_id(); $sql = "SELECT * FROM $TABLE_ITEM_PROPERTY - WHERE c_id = $course_id AND tool='$tool' AND ref='$id'"; + WHERE c_id = $course_id AND tool='$tool' AND ref= $id "; $result = Database::query($sql); $to = array(); 
@@ -1480,13 +1479,13 @@ function change_visibility($tool, $id, $visibility) $_course = api_get_course_info(); $TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY); $tool = Database::escape_string($tool); - $id = Database::escape_string($id); + $id = intval($id); if ($visibility == 0) { - $sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='0' WHERE tool='$tool' AND ref='$id'"; + $sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='0' WHERE tool='$tool' AND ref= $id "; api_item_property_update($_course, TOOL_CALENDAR_EVENT, $id, "invisible", api_get_user_id()); } else { - $sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='1' WHERE tool='$tool' AND ref='$id'"; + $sql_visibility = "UPDATE $TABLE_ITEM_PROPERTY SET visibility='1' WHERE tool='$tool' AND ref= $id "; api_item_property_update($_course, TOOL_CALENDAR_EVENT, $id, "visible", api_get_user_id()); } } @@ -1553,18 +1552,18 @@ function get_agenda_item($id) global $TABLEAGENDA; $t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT); - $id = Database::escape_string($id); + $id = intval($id); $item = array(); if (empty($id)) { - $id = intval(Database::escape_string(($_GET['id']))); + $id = intval($_GET['id']); } else { - $id = (int) $id; + $id = intval($id); } $course_id = api_get_course_int_id(); if (empty($id)) { return $item; } - $sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."' AND c_id = $course_id "; + $sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id = ".$id." AND c_id = $course_id "; $result = Database::query($sql); $entry_to_edit = Database::fetch_array($result); $item['title'] = $entry_to_edit["title"]; 
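Review bot: in `get_agenda_item()` the cast is now applied at the top (`$id = intval($id);`) and again in both arms of `if (empty($id))`, which makes the `else { $id = intval($id); }` arm a no-op that can be dropped. The fallback to `intval($_GET['id'])` inside the function also needs a comment or removal, since it reads request data behind the caller's back when the argument is empty.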
@@ -1665,7 +1664,7 @@ function store_edited_agenda_item($event_id, $id_attach, $file_comment) function save_edit_agenda_item($id, $title, $content, $start_date, $end_date) { $TABLEAGENDA = Database::get_course_table(TABLE_AGENDA); - $id = Database::escape_string($id); + $id = intval($id); $title = Database::escape_string($title); $content = Database::escape_string($content); $start_date = Database::escape_string($start_date); @@ -1694,7 +1693,7 @@ function save_edit_agenda_item($id, $title, $content, $start_date, $end_date) function delete_agenda_item($id) { $_course = api_get_course_info(); - $id = Database::escape_string($id); + $id = intval($id); if (api_is_allowed_to_edit(false, true) OR (api_get_course_setting('allow_user_edit_agenda') && !api_is_anonymous())) { if (!empty($_GET['id']) && isset($_GET['action']) && $_GET['action'] == "delete") { $t_agenda = Database::get_course_table(TABLE_AGENDA); @@ -1949,9 +1948,9 @@ function get_attachment($agenda_id, $course_id = null) } else { $course_id = intval($course_id); } - $agenda_id = Database::escape_string($agenda_id); + $agenda_id = intval($agenda_id); $row = array(); - $sql = 'SELECT id,path, filename,comment FROM '.$agenda_table_attachment.' WHERE c_id = '.$course_id.' AND agenda_id = '.(int) $agenda_id.''; + $sql = 'SELECT id,path, filename,comment FROM '.$agenda_table_attachment.' WHERE c_id = '.$course_id.' AND agenda_id = '.$agenda_id.''; $result = Database::query($sql); if (Database::num_rows($result) != 0) { $row = Database::fetch_array($result); 
@@ -3417,8 +3416,8 @@ function show_add_form($id = '', $type = null) $safe_file_comment = Database::escape_string($file_comment); $safe_file_name = Database::escape_string($file_name); $safe_new_file_name = Database::escape_string($new_file_name); - $safe_agenda_id = (int) $agenda_id; - $safe_id_attach = (int) $id_attach; + $safe_agenda_id = intval($agenda_id); + $safe_id_attach = intval($id_attach); // Storing the attachments if any if ($result) { $sql = "UPDATE $agenda_table_attachment SET filename = '$safe_file_name', comment = '$safe_file_comment', path = '$safe_new_file_name', agenda_id = '$safe_agenda_id', size ='".intval($_FILES['user_upload']['size'])."' @@ -3737,17 +3736,17 @@ function show_add_form($id = '', $type = null) function get_global_agenda_items($agendaitems, $day = "", $month = "", $year = "", $week = "", $type) { $tbl_global_agenda = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); - $month = Database::escape_string($month); - $year = Database::escape_string($year); - $week = Database::escape_string($week); - $day = Database::escape_string($day); + $month = intval($month); + $year = intval($year); + $week = intval($week); + $day = intval($day); // 1. creating the SQL statement for getting the personal agenda items in MONTH view $current_access_url_id = api_get_current_access_url_id(); if ($type == "month_view" or $type == "") { // We are in month view - $sql = "SELECT * FROM ".$tbl_global_agenda." WHERE MONTH(start_date)='".$month."' AND YEAR(start_date) = '".$year."' AND access_url_id = $current_access_url_id ORDER BY start_date ASC"; + $sql = "SELECT * FROM ".$tbl_global_agenda." WHERE MONTH(start_date) = ".$month." AND YEAR(start_date) = ".$year." AND access_url_id = $current_access_url_id ORDER BY start_date ASC"; } // 2. creating the SQL statement for getting the personal agenda items in WEEK view if ($type == "week_view") { // we are in week view 
diff --git a/main/calendar/agenda.lib.php b/main/calendar/agenda.lib.php index 2c87f5f0a8..f2b2b4dc72 100755 --- a/main/calendar/agenda.lib.php +++ b/main/calendar/agenda.lib.php @@ -497,7 +497,7 @@ class Agenda } // Get the agenda item. - $item_id = Database::escape_string($item_id); + $item_id = intval($item_id); $sql = "SELECT * FROM $table_agenda WHERE c_id = $course_id AND id = ".$item_id; $res = Database::query($sql); @@ -1913,7 +1913,7 @@ class Agenda */ public static function changeVisibility($id, $visibility, $courseInfo, $userId = null) { - $id = Database::escape_string($id); + $id = intval($id); if (empty($userId)) { $userId = api_get_user_id(); } else { @@ -1953,7 +1953,7 @@ class Agenda { $tableAttachment = Database::get_course_table(TABLE_AGENDA_ATTACHMENT); $courseId = intval($courseInfo['real_id']); - $eventId = Database::escape_string($eventId); + $eventId = intval($eventId); $row = array(); $sql = "SELECT id, path, filename, comment FROM $tableAttachment diff --git a/main/calendar/myagenda.inc.php b/main/calendar/myagenda.inc.php index f06aea569e..74333e816a 100755 --- a/main/calendar/myagenda.inc.php +++ b/main/calendar/myagenda.inc.php @@ -709,7 +709,7 @@ function get_personal_agenda_items($user_id, $agendaitems, $day = "", $month = " */ function get_personal_agenda_item($id) { $tbl_personal_agenda = Database :: get_user_personal_table(TABLE_PERSONAL_AGENDA); - $id = Database::escape_string($id); + $id = intval($id); // make sure events of the personal agenda can only be seen by the user himself $user = api_get_user_id(); $sql = " SELECT * FROM ".$tbl_personal_agenda." WHERE id=".$id." AND user = ".$user; 
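Review bot: in `get_personal_agenda_item()` the hunk shows no guard for the case where `intval($id)` yields 0 on a missing or non-numeric id, so the query runs with `id=0`; return early on an empty id, as `get_agenda_item()` in agenda.inc.php does. The commit message should also say this is a security fix and not a cleanup: the old `Database::escape_string($id)` value was concatenated unquoted into `WHERE id=".$id."`, where escaping quote characters gives no protection.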
@@ -983,6 +983,8 @@ function get_personal_agenda_items_between_dates($user_id, $date_start='', $date $result = Database::query($sqlquery); while ($item = Database::fetch_array($result)) { $agendaday = date("j",strtotime($item['start_date'])); + $month = date("n",strtotime($item['start_date'])); + $year = date("Y",strtotime($item['start_date'])); $URL = api_get_path(WEB_PATH)."main/calendar/agenda.php?cidReq=".urlencode($course["code"])."&day=$agendaday&month=$month&year=$year#$agendaday"; list($year,$month,$day,$hour,$min,$sec) = split('[-: ]',$item['start_date']); $start_date = $year.$month.$day.$hour.$min; diff --git a/main/chat/chat.php b/main/chat/chat.php index c266b705eb..347d0d8f0a 100755 --- a/main/chat/chat.php +++ b/main/chat/chat.php @@ -39,7 +39,7 @@ if (!empty($mycourseid) && $mycourseid != -1) { $open_chat_window = api_get_course_setting('allow_open_chat_window'); } -$cidreq = Security::remove_XSS($_GET['cidReq']); +$courseCode = Security::remove_XSS($_GET['cidReq']); ?> @@ -76,12 +76,13 @@ if (empty($open_chat_window)) { } $url = api_get_path(WEB_CODE_PATH).'chat/'; +$params = "cidReq=".$courseCode.'&id_session='.api_get_session_id(); echo '
    '; -echo ''; -echo ''; -echo ''; -echo ''; +echo ''; +echo ''; +echo ''; +echo ''; echo '
    '; if (empty($open_chat_window)) { diff --git a/main/chat/chat_message.php b/main/chat/chat_message.php index 2388f94514..6c79afd935 100755 --- a/main/chat/chat_message.php +++ b/main/chat/chat_message.php @@ -77,13 +77,19 @@ if ($sent) {
    @@ -92,8 +98,7 @@ if ($sent) { diff --git a/main/course_home/activity.php b/main/course_home/activity.php index fa4117e7fb..c0913ac7dd 100755 --- a/main/course_home/activity.php +++ b/main/course_home/activity.php @@ -65,7 +65,6 @@ if ($enabled == 'true') { // COURSE ADMIN ONLY VIEW // Start of tools for CourseAdmins (teachers/tutors) - if ($session_id == 0 && api_is_course_admin() && api_is_allowed_to_edit(null, true)) { $content .= '
    '); @@ -292,7 +292,17 @@ $form->addElement('html', '
    '); $form->addElement('style_submit_button', 'submitDocument', get_lang('SendDocument'), 'class="upload"'); $form->add_real_progress_bar('DocumentUpload', 'file'); -$defaults = array('index_document' => 'checked="checked"'); +$fileExistsOption = api_get_configuration_value('document_if_file_exists_option'); + +$defaultFileExistsOption = 'rename'; +if (!empty($fileExistsOption)) { + $defaultFileExistsOption = $fileExistsOption; +} + +$defaults = array( + 'index_document' => 'checked="checked"', + 'if_exists' => $defaultFileExistsOption +); $form->setDefaults($defaults); diff --git a/main/dropbox/dropbox_class.inc.php b/main/dropbox/dropbox_class.inc.php index 3da441af9a..77e60e8b70 100755 --- a/main/dropbox/dropbox_class.inc.php +++ b/main/dropbox/dropbox_class.inc.php 
@@ -121,20 +121,20 @@ class Dropbox_Work $this->id = $res['id']; $this->upload_date = $res['upload_date']; $sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET - filesize = '".Database::escape_string($this->filesize)."' , + filesize = '".intval($this->filesize)."' , title = '".Database::escape_string($this->title)."', description = '".Database::escape_string($this->description)."', author = '".Database::escape_string($this->author)."', last_upload_date = '".Database::escape_string($this->last_upload_date)."' - WHERE c_id = $course_id AND id='".Database::escape_string($this->id)."'"; + WHERE c_id = $course_id AND id = ".intval($this->id).""; Database::query($sql); } else { $this->upload_date = $this->last_upload_date; $sql = "INSERT INTO ".$dropbox_cnf['tbl_file']." (c_id, uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, session_id) VALUES ( $course_id, - '".Database::escape_string($this->uploader_id)."' + '".intval($this->uploader_id)."' , '".Database::escape_string($this->filename)."' - , '".Database::escape_string($this->filesize)."' + , '".intval($this->filesize)."' , '".Database::escape_string($this->title)."' , '".Database::escape_string($this->description)."' , '".Database::escape_string($this->author)."' @@ -148,7 +148,7 @@ class Dropbox_Work } $sql = "SELECT count(file_id) as count FROM ".$dropbox_cnf['tbl_person']." - WHERE c_id = $course_id AND file_id = '".Database::escape_string($this->id)."' AND user_id = ".$this->uploader_id; + WHERE c_id = $course_id AND file_id = ".intval($this->id)." AND user_id = ".$this->uploader_id; $result = Database::query($sql); $row = Database::fetch_array($result); if ($row['count'] == 0) { 
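Review bot: the count query still ends with `AND user_id = ".$this->uploader_id`, concatenated without a cast, while `$this->id` right beside it and `uploader_id` in the INSERT of the previous hunk are both wrapped in `intval()`. Cast it here too so every value in the statement is treated the same way.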
@@ -156,8 +156,8 @@ class Dropbox_Work // Insert entries into person table $sql = "INSERT INTO ".$dropbox_cnf['tbl_person']." (c_id, file_id, user_id) VALUES ($course_id, - '".Database::escape_string($this->id)."' - , '".Database::escape_string($this->uploader_id)."' + ".intval($this->id)." + , ".intval($this->uploader_id)." )"; Database::query($sql); } @@ -181,7 +181,7 @@ class Dropbox_Work // Get the data from DB $sql = "SELECT uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, cat_id FROM ".$dropbox_cnf['tbl_file']." - WHERE c_id = $course_id AND id = '".Database::escape_string($id)."'"; + WHERE c_id = $course_id AND id = ".intval($id).""; $result = Database::query($sql); $res = Database::fetch_array($result, 'ASSOC'); @@ -351,7 +351,7 @@ class Dropbox_SentWork extends Dropbox_Work $this->recipients = array(); $sql = "SELECT dest_user_id, feedback_date, feedback FROM ".$dropbox_cnf['tbl_post']." - WHERE c_id = $course_id AND file_id='".Database::escape_string($id)."'"; + WHERE c_id = $course_id AND file_id = ".intval($id).""; $result = Database::query($sql); while ($res = Database::fetch_array($result, 'ASSOC')) { @@ -430,8 +430,8 @@ class Dropbox_Person FROM $file_tbl f INNER JOIN $person_tbl p ON (f.id = p.file_id AND f.c_id = $course_id AND p.c_id = $course_id) WHERE - f.uploader_id = '".Database::escape_string($this->userId)."' AND - p.user_id = '".Database::escape_string($this->userId)."' + f.uploader_id = ".intval($this->userId)." AND + p.user_id = ".intval($this->userId)." $condition_session "; $result = Database::query($sql); diff --git a/main/dropbox/dropbox_functions.inc.php b/main/dropbox/dropbox_functions.inc.php index 08ede3ec2e..8122ed8b57 100755 --- a/main/dropbox/dropbox_functions.inc.php +++ b/main/dropbox/dropbox_functions.inc.php 
@@ -221,16 +221,16 @@ function store_move($id, $target, $part) if ((isset($id) AND $id != '') AND (isset($target) AND $target != '') AND (isset($part) AND $part != '')) { if ($part == 'received') { - $sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."' - WHERE c_id = $course_id AND dest_user_id='".Database::escape_string($_user['user_id'])."' - AND file_id='".Database::escape_string($id)."'"; + $sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id = ".intval($target)." + WHERE c_id = $course_id AND dest_user_id = ".intval($_user['user_id'])." + AND file_id = ".intval($id).""; Database::query($sql); $return_message = get_lang('ReceivedFileMoved'); } if ($part == 'sent') { - $sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."' - WHERE c_id = $course_id AND uploader_id='".Database::escape_string($_user['user_id'])."' - AND id='".Database::escape_string($id)."'"; + $sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id = ".intval($target)." + WHERE c_id = $course_id AND uploader_id = ".intval($_user['user_id'])." + AND id = ".intval($id).""; Database::query($sql); $return_message = get_lang('SentFileMoved'); } @@ -386,7 +386,7 @@ function store_addcategory() // step 3b, we add the category if it does not exist yet. if (Database::num_rows($result) == 0) { $sql = "INSERT INTO ".$dropbox_cnf['tbl_category']." (c_id, cat_name, received, sent, user_id, session_id) - VALUES ($course_id, '".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."',$session_id)"; + VALUES ($course_id, '".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', ".intval($_user['user_id']).", $session_id)"; Database::query($sql); return array('type' => 'confirmation', 'message' => get_lang('CategoryStored')); } else { 
@@ -394,8 +394,8 @@ function store_addcategory() } } else { $sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."' - WHERE c_id = $course_id AND user_id='".Database::escape_string($_user['user_id'])."' - AND cat_id='".Database::escape_string($_POST['edit_id'])."'"; + WHERE c_id = $course_id AND user_id = ".intval($_user['user_id'])." + AND cat_id = ".intval($_POST['edit_id']).""; Database::query($sql); return array('type' => 'confirmation', 'message' => get_lang('CategoryModified')); } @@ -420,7 +420,7 @@ function display_addcategory_form($category_name = '', $id = '', $action) if (isset($id) AND $id != '') { // retrieve the category we are editing - $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."'"; + $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id = ".intval($id).""; $result = Database::query($sql); $row = Database::fetch_array($result); @@ -938,7 +938,7 @@ function display_user_link_work($user_id, $name = '') { if ($user_id != 0) { if (empty($name)) { $table_user = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'"; + $sql = "SELECT * FROM $table_user WHERE user_id = ".intval($user_id).""; $result = Database::query($sql); $row = Database::fetch_array($result); return ''.api_get_person_name($row['firstname'], $row['lastname']).''; 
@@ -1264,7 +1264,7 @@ function get_last_tool_access($tool, $course_code = '', $user_id='') $sql = "SELECT access_date FROM $table_last_access WHERE - access_user_id='".Database::escape_string($user_id)."' AND + access_user_id = ".intval($user_id)." AND access_cours_code='".Database::escape_string($course_code)."' AND access_tool='".Database::escape_string($tool)."' ORDER BY access_date DESC diff --git a/main/exercice/addlimits.php b/main/exercice/addlimits.php index 47f3ca6586..f94e07aa87 100755 --- a/main/exercice/addlimits.php +++ b/main/exercice/addlimits.php @@ -169,9 +169,9 @@ Time : * @todo shouldn't this be moved to the part above (around line 111: action handling) */ if (isset($_POST['ok'])) { - $exercise_id = Database::escape_string($_POST['exe_id']); + $exercise_id = intval($_POST['exe_id']); if ($_POST['limit']==1) { - $minutes = Database::escape_string($_POST['minutes']); + $minutes = intval($_POST['minutes']); $query = "UPDATE ".$TBL_EXERCICES." SET ques_time_limit= $minutes WHERE id= $exercise_id"; Database::query($query); } else { @@ -180,7 +180,7 @@ if (isset($_POST['ok'])) { } if ($_POST['attempt']==1) { - $attempts = Database::escape_string($_POST['attempts']); + $attempts = intval($_POST['attempts']); $query = "UPDATE ".$TBL_EXERCICES." SET num_attempts = $attempts WHERE id= $exercise_id"; Database::query($query); } else { diff --git a/main/exercice/answer.class.php b/main/exercice/answer.class.php index d4b6e98be0..01ce374d98 100755 --- a/main/exercice/answer.class.php +++ b/main/exercice/answer.class.php @@ -495,7 +495,7 @@ class Answer hotspot_coordinates = '".Database::escape_string($hotspot_coordinates)."', hotspot_type = '".Database::escape_string($hotspot_type)."' WHERE c_id = {$this->course_id} AND id = '$id' - AND question_id = '".Database::escape_string($questionId)."'"; + AND question_id = ".intval($questionId).""; Database::query($sql); } 
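Review bot: the same WHERE clause keeps `id = '$id'` interpolated as-is next to the newly cast `question_id`, and the hunk does not show `$id` being cast beforehand. Apply `intval($id)` there as well, or confirm that it is cast earlier in the method.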
diff --git a/main/exercice/answer_admin.inc.php b/main/exercice/answer_admin.inc.php index 5ec3ceae55..f85aee7087 100755 --- a/main/exercice/answer_admin.inc.php +++ b/main/exercice/answer_admin.inc.php @@ -1013,7 +1013,7 @@ if ($modifyAnswers) { ?>

          diff --git a/main/exercice/evalmathnotation.php b/main/exercice/evalmathnotation.php index b483c0d6ac..46ecee040a 100644 --- a/main/exercice/evalmathnotation.php +++ b/main/exercice/evalmathnotation.php @@ -18,21 +18,31 @@ get_lang('PiNumberPi')."\n". get_lang('SineSin')."\n". get_lang('HyperbolicSineSinh')."\n". get_lang('ArcsineArcsin')."\n". -get_lang('InverseSineAsin')."\n". get_lang('HyperbolicArcsineArcsinh')."\n". -get_lang('InverseHyperbolicSineAsinh')."\n". "\n". get_lang('CosineCos')."\n". get_lang('HyperbolicCosineCosh')."\n". get_lang('ArccosineArccos')."\n". -get_lang('InverseCosineAcos')."\n". get_lang('HyperbolicArccosineArccosh')."\n". -get_lang('InverseHyperbolicCosineAcosh')."\n". "\n". get_lang('TangentTan')."\n". get_lang('HyperbolicTangentTanh')."\n". get_lang('ArctangentArctan')."\n". -get_lang('InverseTangentAtan')."\n". get_lang('HyperbolicArctangentArctanh')."\n". -get_lang('InverseHyperbolicTangentAtanh'). +"\n". +get_lang('CotangentCot')."\n". +get_lang('HyperbolicCotangentCoth')."\n". +get_lang('ArccotangentArccot')."\n". +get_lang('HyperbolicArccotangentArccoth')."\n". +"\n". +get_lang('SecantSec')."\n". +get_lang('HyperbolicSecantSech')."\n". +get_lang('ArcsecantArcsec')."\n". +get_lang('HyperbolicArcsecantArcsech')."\n". +"\n". +get_lang('CosecantCsc')."\n". +get_lang('HyperbolicCosecantCsch')."\n". +get_lang('ArccosecantArccsc')."\n". +get_lang('HyperbolicArccosecantArccsch')."\n". +"\n". ""; diff --git a/main/exercice/exercise.class.php b/main/exercice/exercise.class.php index e3cb2c403f..1b554f97c4 100755 --- a/main/exercice/exercise.class.php +++ b/main/exercice/exercise.class.php 
@@ -446,7 +446,7 @@ class Exercise $sql = "SELECT DISTINCT e.question_order FROM $TBL_EXERCICE_QUESTION e INNER JOIN $TBL_QUESTIONS q ON (e.question_id = q.id AND e.c_id = ".$this->course_id." AND q.c_id = ".$this->course_id.") - WHERE e.exercice_id = '".Database::escape_string($this->id)."'"; + WHERE e.exercice_id = ".intval($this->id).""; $result = Database::query($sql); $count_question_orders = Database::num_rows($result); @@ -454,7 +454,7 @@ class Exercise $sql = "SELECT e.question_id, e.question_order FROM $TBL_EXERCICE_QUESTION e INNER JOIN $TBL_QUESTIONS q ON (e.question_id= q.id AND e.c_id = ".$this->course_id." AND q.c_id = ".$this->course_id.") - WHERE e.exercice_id = '".Database::escape_string($this->id)."' + WHERE e.exercice_id = ".intval($this->id)." ORDER BY question_order"; $result = Database::query($sql); 
@@ -816,28 +816,28 @@ class Exercise if ($type_e != 'simple') { $sql .= ",sound='".Database::escape_string($sound)."', - type ='".Database::escape_string($type)."', - random ='".Database::escape_string($random)."', - random_answers ='".Database::escape_string($random_answers)."', - active ='".Database::escape_string($active)."', - feedback_type ='".Database::escape_string($feedback_type)."', + type = ".intval($type).", + random = ".intval($random).", + random_answers = ".intval($random_answers).", + active = ".intval($active).", + feedback_type = ".intval($feedback_type).", start_time = '$start_time', end_time = '$end_time', - max_attempt ='".Database::escape_string($attempts)."', - expired_time ='".Database::escape_string($expired_time)."', - propagate_neg ='".Database::escape_string($propagate_neg)."', - review_answers ='".Database::escape_string($review_answers)."', - random_by_category='".Database::escape_string($randomByCat)."', + max_attempt = ".intval($attempts).", + expired_time = ".intval($expired_time).", + propagate_neg = ".intval($propagate_neg).", + review_answers = ".intval($review_answers).", + random_by_category= ".intval($randomByCat).", text_when_finished = '".Database::escape_string($text_when_finished)."', - display_category_name = '".Database::escape_string($display_category_name)."', - pass_percentage = '".Database::escape_string($pass_percentage)."', - results_disabled='".Database::escape_string($results_disabled)."'"; + display_category_name = ".intval($display_category_name).", + pass_percentage = ".intval($pass_percentage).", + results_disabled= ".intval($results_disabled).""; } - $sql .= " WHERE c_id = ".$this->course_id." AND id='".Database::escape_string($id)."'"; + $sql .= " WHERE c_id = ".$this->course_id." 
AND id = ".intval($id).""; Database::query($sql); // update into the item_property table - api_item_property_update($_course, TOOL_QUIZ, $id,'QuizUpdated',api_get_user_id()); + api_item_property_update($_course, TOOL_QUIZ, $id, 'QuizUpdated', api_get_user_id()); if (api_get_setting('search_enabled')=='true') { $this->search_engine_edit(); @@ -871,20 +871,20 @@ class Exercise '".Database::escape_string($exercise)."', '".Database::escape_string($description)."', '".Database::escape_string($sound)."', - '".Database::escape_string($type)."', - '".Database::escape_string($random)."', - '".Database::escape_string($random_answers)."', - '".Database::escape_string($active)."', - '".Database::escape_string($results_disabled)."', - '".Database::escape_string($attempts)."', - '".Database::escape_string($feedback_type)."', - '".Database::escape_string($expired_time)."', - '".Database::escape_string($session_id)."', - '".Database::escape_string($review_answers)."', - '".Database::escape_string($randomByCat)."', + ".intval($type).", + ".intval($random).", + ".intval($random_answers).", + ".intval($active).", + ".intval($results_disabled).", + ".intval($attempts).", + ".intval($feedback_type).", + ".intval($expired_time).", + ".intval($session_id).", + ".intval($review_answers).", + ".intval($randomByCat).", '".Database::escape_string($text_when_finished)."', - '".Database::escape_string($display_category_name)."', - '".Database::escape_string($pass_percentage)."' + ".intval($display_category_name).", + ".intval($pass_percentage)." )"; Database::query($sql); $this->id = Database::insert_id(); 
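Review bot: `intval($pass_percentage)` and `intval($expired_time)` in this INSERT (and in the UPDATE hunk before it) silently truncate fractional input and turn an empty value into 0, where the old quoted strings left the conversion to the database. Confirm that these columns are integer-typed and that 0 is the intended "not set" value; if `pass_percentage` can be fractional, `floatval()` is the safer cast for that one field.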
@@ -986,7 +986,7 @@ class Exercise { $TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST); $sql = "UPDATE $TBL_EXERCICES SET active='-1' - WHERE c_id = ".$this->course_id." AND id='".Database::escape_string($this->id)."'"; + WHERE c_id = ".$this->course_id." AND id = ".intval($this->id).""; Database::query($sql); api_item_property_update($this->course, TOOL_QUIZ, $this->id, 'QuizDeleted', api_get_user_id()); api_item_property_update($this->course, TOOL_QUIZ, $this->id, 'delete', api_get_user_id()); @@ -1914,7 +1914,7 @@ class Exercise buttons: { '".addslashes(get_lang("EndTest"))."': function() { $('#clock_warning').dialog('close'); - }, + } }, close: function() { send_form(); @@ -2515,7 +2515,7 @@ class Exercise $queryfill = "SELECT answer FROM ".$TBL_TRACK_ATTEMPT." WHERE exe_id = '".$exeId."' AND - question_id= '".Database::escape_string($questionId)."'"; + question_id= ".intval($questionId).""; $resfill = Database::query($queryfill); $str = Database::result($resfill, 0, 'answer'); @@ -2641,7 +2641,7 @@ class Exercise $queryfill = "SELECT answer FROM ".$TBL_TRACK_ATTEMPT." WHERE exe_id = '".$exeId."' AND - question_id= '".Database::escape_string($questionId)."'"; + question_id= ".intval($questionId).""; $resfill = Database::query($queryfill); $str = Database::result($resfill, 0, 'answer'); api_preg_match_all('#\[([^[]*)\]#', $str, $arr); @@ -2832,7 +2832,7 @@ class Exercise WHERE hotspot_exe_id = '".$exeId."' AND hotspot_question_id= '".$questionId."' AND - hotspot_answer_id = '".Database::escape_string($answerId)."'"; + hotspot_answer_id = ".intval($answerId).""; $result = Database::query($sql); $studentChoice = Database::result($result, 0, "hotspot_correct"); diff --git a/main/exercice/exercise_show.php b/main/exercice/exercise_show.php index 564630da94..15c93cfd05 100755 --- a/main/exercice/exercise_show.php +++ b/main/exercice/exercise_show.php 
@@ -72,6 +72,7 @@ if (api_is_course_session_coach( } } +$maxEditors = isset($_configuration['exercise_max_fckeditors_in_page']) ? $_configuration['exercise_max_fckeditors_in_page'] : 0; $is_allowedToEdit = api_is_allowed_to_edit(null, true) || $is_courseTutor || api_is_session_admin() || api_is_drh(); //Getting results from the exe_id. This variable also contain all the information about the exercise @@ -132,6 +133,8 @@ if ($origin != 'learnpath') { } ?> '; - } else { - //New question - echo ''; - } - } else { - echo ''; - } + // redirect + if ($objQuestion->type != HOT_SPOT && $objQuestion->type != HOT_SPOT_DELINEATION) { + if(isset($_GET['editQuestion'])) { + echo ''; + } else { + //New question + echo ''; + } + } else { + echo ''; + } } else { - if (isset($questionName)) { - echo '

    '.$questionName.'

    '; - } + if (isset($questionName)) { + echo '

    '.$questionName.'

    '; + } if (!empty($pictureName)) { echo ''; } diff --git a/main/exercice/question_create.php b/main/exercice/question_create.php index 44dbbcd3e8..b671a4a6ea 100755 --- a/main/exercice/question_create.php +++ b/main/exercice/question_create.php @@ -1,12 +1,11 @@ addElement('header','',get_lang('AddQuestionToExercise')); $question_list = Question::get_question_type_list(); $question_list_options = array(); -foreach ($question_list as $key=> $value) { +foreach ($question_list as $key=> $value) { $question_list_options[$key] = addslashes(get_lang($value[1])); } $form->addElement('select', 'question_type_hidden', get_lang('QuestionType'), $question_list_options, array('id' => 'question_type_hidden')); @@ -72,26 +71,26 @@ $form->addRule('question_type_hidden', get_lang('InvalidQuestionType'), 'validqu if ($form->validate()) { $values = $form->exportValues(); $answer_type = $values['question_type_hidden']; - + // check feedback_type from current exercise for type of question delineation - $exercise_id = intval($values['exercice']); + $exercise_id = intval($values['exercice']); $sql = "SELECT feedback_type FROM $tbl_exercices WHERE c_id = $course_id AND id = '$exercise_id'"; $rs_feedback_type = Database::query($sql); $row_feedback_type = Database::fetch_row($rs_feedback_type); $feedback_type = $row_feedback_type[0]; - + // if question type does not belong to self-evaluation (immediate feedback) it'll send an error - if (($answer_type == HOT_SPOT_DELINEATION && $feedback_type != 1) || + if (($answer_type == HOT_SPOT_DELINEATION && $feedback_type != 1) || ($feedback_type == 1 && ($answer_type != HOT_SPOT_DELINEATION && $answer_type != UNIQUE_ANSWER))) { header('Location: question_create.php?'.api_get_cidreq().'&error=true'); - exit; - } + exit; + } header('Location: admin.php?exerciseId='.$values['exercice'].'&newQuestion=yes&isContent='.$values['is_content'].'&answerType='.$answer_type); exit; } else { // header Display::display_header($nameTools); - + echo ''; 
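Review bot: the changes in this hunk are whitespace-only, but the redirect it touches still builds `Location: admin.php?exerciseId='.$values['exercice']` from the raw form value even though `$exercise_id = intval($values['exercice'])` is computed a few lines above. Use `$exercise_id` in the header and pass `$values['is_content']` through `urlencode()` or a cast, so form input cannot add query parameters to the redirect.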
@@ -104,13 +103,13 @@ if ($form->validate()) { } function check_question_type($parameter) { - $question_list = Question::get_question_type_list(); + $question_list = Question::get_question_type_list(); foreach ($question_list as $key => $value) { $valid_question_types[] = $key; - } + } if (in_array($parameter, $valid_question_types)) { return true; } else { return false; } -} \ No newline at end of file +} diff --git a/main/exercice/question_list_admin.inc.php b/main/exercice/question_list_admin.inc.php index 0dd8ad1b7b..cfa0de831e 100755 --- a/main/exercice/question_list_admin.inc.php +++ b/main/exercice/question_list_admin.inc.php @@ -1,128 +1,127 @@ delete($exerciseId); + // if the question exists + if ($objQuestionTmp = Question::read($deleteQuestion)) { + $objQuestionTmp->delete($exerciseId); - // if the question has been removed from the exercise - if ($objExercise->removeFromList($deleteQuestion)) { - $nbrQuestions--; - } - } - // destruction of the Question object - unset($objQuestionTmp); + // if the question has been removed from the exercise + if ($objExercise->removeFromList($deleteQuestion)) { + $nbrQuestions--; + } + } + // destruction of the Question object + unset($objQuestionTmp); } $ajax_url = api_get_path(WEB_AJAX_PATH)."exercise.ajax.php?".api_get_cidreq()."&exercise_id=".intval($exerciseId); ?> - + -
    " style="display:none;"> -

    +

    " style="display:none;"> +

    - -

    -
    - - + }); + 0; if (!$inATest) { - echo "

    ".get_lang("ChoiceQuestionType")."

    "; + echo "

    ".get_lang("ChoiceQuestionType")."

    "; } else { // Title line echo "
    "; @@ -149,7 +148,7 @@ if (!$inATest) { echo "
     
    "; echo '
    '; - if ($nbrQuestions) { + if ($nbrQuestions) { //Always getting list from DB $questionList = $objExercise->selectQuestionList(true); 
@@ -161,65 +160,69 @@ if (!$inATest) { $styleScore = "width:4%; float:left; padding-top:8px; text-align:center;"; if (is_array($questionList)) { - foreach ($questionList as $id) { - //To avoid warning messages - if (!is_numeric($id)) { - continue; - } - $objQuestionTmp = Question::read($id); - $question_class = get_class($objQuestionTmp); + foreach ($questionList as $id) { + //To avoid warning messages + if (!is_numeric($id)) { + continue; + } + $objQuestionTmp = Question::read($id); + $question_class = get_class($objQuestionTmp); - $clone_link = ''.Display::return_icon('cd.gif',get_lang('Copy'), array(), ICON_SIZE_SMALL).''; - /*$edit_link = ''.Display::return_icon('edit.png',get_lang('Modify'), array(), ICON_SIZE_SMALL).''; + $clone_link = ''.Display::return_icon('cd.gif',get_lang('Copy'), array(), ICON_SIZE_SMALL).''; + /*$edit_link = ''.Display::return_icon('edit.png',get_lang('Modify'), array(), ICON_SIZE_SMALL).''; if ($objQuestionTmp->type == CALCULATED_ANSWER && $objQuestionTmp->isAnswered()) { $edit_link = ''.Display::return_icon('edit_na.png',get_lang('Modify'), array(), ICON_SIZE_SMALL).''; }*/ $edit_link = ($objQuestionTmp->type == CALCULATED_ANSWER && $objQuestionTmp->isAnswered()) ? - ''.Display::return_icon( - 'edit_na.png', - get_lang('QuestionEditionNotAvailableBecauseItIsAlreadyAnsweredHoweverYouCanCopyItAndModifyTheCopy'), - array(), - ICON_SIZE_SMALL - ).'' : - ''. - Display::return_icon( - 'edit.png', - get_lang('Modify'), - array(), - ICON_SIZE_SMALL - ).''; + ''.Display::return_icon( + 'edit_na.png', + get_lang('QuestionEditionNotAvailableBecauseItIsAlreadyAnsweredHoweverYouCanCopyItAndModifyTheCopy'), + array(), + ICON_SIZE_SMALL + ).'' : + ''. 
+ Display::return_icon( + 'edit.png', + get_lang('Modify'), + array(), + ICON_SIZE_SMALL + ).''; $delete_link = null; - if ($objExercise->edit_exercise_in_lp == true) { - $delete_link = ''.Display::return_icon('delete.png',get_lang('RemoveFromTest'), array(), ICON_SIZE_SMALL).''; - } + if ($objExercise->edit_exercise_in_lp == true) { + $delete_link = ''.Display::return_icon('delete.png',get_lang('RemoveFromTest'), array(), ICON_SIZE_SMALL).''; + } - $edit_link = Display::tag('div', $edit_link, array('style'=>'float:left; padding:0px; margin:0px')); - $clone_link = Display::tag('div', $clone_link, array('style'=>'float:left; padding:0px; margin:0px')); - $delete_link = Display::tag('div', $delete_link, array('style'=>'float:left; padding:0px; margin:0px')); - $actions = Display::tag('div', $edit_link.$clone_link.$delete_link, array('class'=>'edition','style'=>'width:100px; right:10px; margin-top: 0px; position: absolute; top: 10%;')); + $edit_link = Display::tag('div', $edit_link, array('style'=>'float:left; padding:0px; margin:0px')); + $clone_link = Display::tag('div', $clone_link, array('style'=>'float:left; padding:0px; margin:0px')); + $delete_link = Display::tag('div', $delete_link, array('style'=>'float:left; padding:0px; margin:0px')); + $actions = Display::tag('div', $edit_link.$clone_link.$delete_link, array('class'=>'edition','style'=>'width:100px; right:10px; margin-top: 0px; position: absolute; top: 10%;')); $title = Security::remove_XSS($objQuestionTmp->selectTitle()); $move = Display::return_icon('all_directions.png',get_lang('Move'), array('class'=>'moved', 'style'=>'margin-bottom:-0.5em;')); // Question name - $questionName = Display::tag('div', ''.$move.' '.cut($title, 42).'', array('style'=>$styleQuestion)); + $questionName = Display::tag( + 'div', + ''.$move.' 
'.cut($title, 42).'', + array('style'=>$styleQuestion) + ); - // Question type - list($typeImg, $typeExpl) = $objQuestionTmp->get_type_icon_html(); - $questionType = Display::tag('div', Display::return_icon($typeImg, $typeExpl, array(), ICON_SIZE_MEDIUM), array('style'=>$styleType)); + // Question type + list($typeImg, $typeExpl) = $objQuestionTmp->get_type_icon_html(); + $questionType = Display::tag('div', Display::return_icon($typeImg, $typeExpl, array(), ICON_SIZE_MEDIUM), array('style'=>$styleType)); - // Question category - $txtQuestionCat = Security::remove_XSS(Testcategory::getCategoryNameForQuestion($objQuestionTmp->id)); - if (empty($txtQuestionCat)) { - $txtQuestionCat = "-"; - } - $questionCategory = Display::tag('div', ''.cut($txtQuestionCat, 42).'', array('style'=>$styleCat)); + // Question category + $txtQuestionCat = Security::remove_XSS(Testcategory::getCategoryNameForQuestion($objQuestionTmp->id)); + if (empty($txtQuestionCat)) { + $txtQuestionCat = "-"; + } + $questionCategory = Display::tag('div', ''.cut($txtQuestionCat, 42).'', array('style'=>$styleCat)); - // Question level - $txtQuestionLevel = $objQuestionTmp->level; + // Question level + $txtQuestionLevel = $objQuestionTmp->level; if (empty($objQuestionTmp->level)) { $txtQuestionLevel = '-'; } @@ -229,32 +232,32 @@ if (!$inATest) { $questionScore = Display::tag('div', $objQuestionTmp->selectWeighting(), array('style'=>$styleScore)); echo '
    '; - echo '
    '; - echo $questionName; - echo $questionType; - echo $questionCategory; - echo $questionLevel; - echo $questionScore; - echo $actions; - echo '
    '; - echo '
    '; - echo '

    '; - //echo get_lang($question_class.$label); - echo get_lang($question_class); - echo '
    '; - //echo get_lang('Level').': '.$objQuestionTmp->selectLevel(); - echo '
    '; - showQuestion($id, false, null, null, false, true, false, true, $objExercise->feedback_type, true); - echo '

    '; - echo '
    '; + echo '
    '; + echo $questionName; + echo $questionType; + echo $questionCategory; + echo $questionLevel; + echo $questionScore; + echo $actions; + echo '
    '; + echo '
    '; + echo '

    '; + //echo get_lang($question_class.$label); + echo get_lang($question_class); + echo '
    '; + //echo get_lang('Level').': '.$objQuestionTmp->selectLevel(); + echo '
    '; + showQuestion($id, false, null, null, false, true, false, true, $objExercise->feedback_type, true); + echo '

    '; + echo '
    '; echo '
    '; unset($objQuestionTmp); - } - } - } + } + } + } - if (!$nbrQuestions) { - echo Display::display_warning_message(get_lang('NoQuestion')); - } - echo '
    '; //question list div + if (!$nbrQuestions) { + echo Display::display_warning_message(get_lang('NoQuestion')); + } + echo '
    '; //question list div } diff --git a/main/exercice/savescores.php b/main/exercice/savescores.php index 88583451f1..570095fefe 100755 --- a/main/exercice/savescores.php +++ b/main/exercice/savescores.php @@ -67,7 +67,7 @@ function save_scores($file, $score) } $sql = "INSERT INTO $TABLETRACK_HOTPOTATOES (exe_name, exe_user_id, exe_date, exe_cours_id, exe_result, exe_weighting) VALUES ( '".Database::escape_string($file)."', - '".Database::escape_string($user_id)."', + ".intval($user_id).", '".Database::escape_string($date)."', '".Database::escape_string($_cid)."', '".Database::escape_string($score)."', diff --git a/main/exercice/testcategory.class.php b/main/exercice/testcategory.class.php index a0a7a135c7..37e05bb300 100755 --- a/main/exercice/testcategory.class.php +++ b/main/exercice/testcategory.class.php @@ -45,8 +45,8 @@ class Testcategory public function getCategory($in_id) { $t_cattable = Database::get_course_table(TABLE_QUIZ_QUESTION_CATEGORY); - $in_id = Database::escape_string($in_id); - $sql = "SELECT * FROM $t_cattable WHERE id=$in_id AND c_id=".api_get_course_int_id(); + $in_id = intval($in_id); + $sql = "SELECT * FROM $t_cattable WHERE id = $in_id AND c_id=".api_get_course_int_id(); $res = Database::query($sql); $numrows = Database::num_rows($res); if ($numrows > 0) { @@ -104,7 +104,7 @@ class Testcategory { $t_cattable = Database :: get_course_table(TABLE_QUIZ_QUESTION_CATEGORY); $tbl_question_rel_cat = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); - $v_id = Database::escape_string($this->id); + $v_id = intval($this->id); $sql = "DELETE FROM $t_cattable WHERE id=$v_id AND c_id=".api_get_course_int_id(); Database::query($sql); if (Database::affected_rows() <= 0) { 
@@ -127,11 +127,11 @@ class Testcategory public function modifyCategory() { $t_cattable = Database :: get_course_table(TABLE_QUIZ_QUESTION_CATEGORY); - $v_id = Database::escape_string($this->id); + $v_id = intval($this->id); $v_name = Database::escape_string($this->name); $v_description = Database::escape_string($this->description); $sql = "UPDATE $t_cattable SET title='$v_name', description='$v_description' - WHERE id='$v_id' AND c_id=".api_get_course_int_id(); + WHERE id = $v_id AND c_id=".api_get_course_int_id(); Database::query($sql); if (Database::affected_rows() <= 0) { return false; @@ -156,7 +156,7 @@ class Testcategory public function getCategoryQuestionsNumber() { $t_reltable = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); - $in_id = Database::escape_string($this->id); + $in_id = intval($this->id); $sql = "SELECT count(*) AS nb FROM $t_reltable WHERE category_id=$in_id AND c_id=".api_get_course_int_id(); $res = Database::query($sql); @@ -221,9 +221,9 @@ class Testcategory $courseId = api_get_course_int_id(); } $table = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); - $questionId = Database::escape_string($questionId); + $questionId = intval($questionId); $sql = "SELECT category_id FROM $table - WHERE question_id='$questionId' AND c_id = $courseId"; + WHERE question_id = $questionId AND c_id = $courseId"; $res = Database::query($sql); if (Database::num_rows($res) > 0) { $data = Database::fetch_array($res); 
@@ -256,8 +256,8 @@ class Testcategory $catid = Testcategory::getCategoryForQuestion($in_questionid, $in_courseid); $result = ""; // result $t_cattable = Database::get_course_table(TABLE_QUIZ_QUESTION_CATEGORY); - $catid = Database::escape_string($catid); - $sql = "SELECT title FROM $t_cattable WHERE id='$catid' AND c_id=$in_courseid"; + $catid = intval($catid); + $sql = "SELECT title FROM $t_cattable WHERE id = $catid AND c_id = $in_courseid"; $res = Database::query($sql); $data = Database::fetch_array($res); if (Database::num_rows($res) > 0) { diff --git a/main/exercice/testheaderpage.php b/main/exercice/testheaderpage.php index 7182589bce..1c1e630108 100755 --- a/main/exercice/testheaderpage.php +++ b/main/exercice/testheaderpage.php @@ -1,13 +1,12 @@ - '../gradebook/'.$_SESSION['gradebook_dest'], - 'name' => get_lang('ToolGradebook') - ); + 'url' => '../gradebook/'.$_SESSION['gradebook_dest'], + 'name' => get_lang('ToolGradebook') + ); } $interbreadcrumb[]= array ("url"=>"./exercice.php", "name"=> get_lang('Exercices')); Display::display_header($nameTools,"Exercise"); diff --git a/main/exercice/unique_answer.class.php b/main/exercice/unique_answer.class.php index ab68e41f93..e271318d26 100755 --- a/main/exercice/unique_answer.class.php +++ b/main/exercice/unique_answer.class.php @@ -12,7 +12,6 @@ * @author Julio Montoya * @package chamilo.exercise **/ - class UniqueAnswer extends Question { static $typePicture = 'mcua.png'; diff --git a/main/exercice/upload_exercise.php b/main/exercice/upload_exercise.php index 7b0773c169..5ceb0bfe4e 100755 --- a/main/exercice/upload_exercise.php +++ b/main/exercice/upload_exercise.php @@ -1,5 +1,6 @@ 0) { 
@@ -1150,7 +1150,7 @@ function move_up_down($content, $direction, $id) $sort_column = 'forum_order'; // We also need the forum_category of this forum. $sql = "SELECT forum_category FROM $table_forums - WHERE c_id = $course_id AND forum_id=".Database::escape_string($id); + WHERE c_id = $course_id AND forum_id = ".intval($id); $result = Database::query($sql); $row = Database::fetch_array($result); $forum_category = $row['forum_category']; @@ -1283,7 +1283,7 @@ function get_forum_categories($id = '') WHERE forum_categories.cat_id=item_properties.ref AND item_properties.tool='".TOOL_FORUM_CATEGORY."' AND - forum_categories.cat_id='".Database::escape_string($id)."' + forum_categories.cat_id = ".intval($id)." $condition_session ORDER BY forum_categories.cat_order ASC"; } @@ -1502,7 +1502,7 @@ function get_forums( $sql = "SELECT * FROM $table_forums forum, ".$table_item_property." item_properties WHERE forum.forum_id=item_properties.ref AND - forum_id='".Database::escape_string($id)."' AND + forum_id = ".intval($id)." AND item_properties.visibility<>2 AND item_properties.tool='".TOOL_FORUM."' $condition_session AND @@ -1514,7 +1514,7 @@ function get_forums( $sql2 = "SELECT count(*) AS number_of_threads, forum_id FROM $table_threads WHERE - forum_id=".Database::escape_string($id)." AND + forum_id = ".intval($id)." AND c_id = $course_id GROUP BY forum_id"; @@ -1522,7 +1522,7 @@ function get_forums( $sql3 = "SELECT count(*) AS number_of_posts, forum_id FROM $table_posts WHERE - forum_id=".Database::escape_string($id)." AND + forum_id = ".intval($id)." AND c_id = $course_id GROUP BY forum_id"; @@ -1531,7 +1531,7 @@ function get_forums( post.post_id, post.forum_id, post.poster_id, post.poster_name, post.post_date, users.lastname, users.firstname FROM $table_posts post, $table_users users WHERE - forum_id=".Database::escape_string($id)." AND + forum_id = ".intval($id)." AND post.poster_id=users.user_id AND post.c_id = $course_id GROUP BY post.forum_id 
@@ -1666,7 +1666,7 @@ function get_last_post_information($forum_id, $show_invisibles = false, $course_ $table_item_property thread_properties, $table_item_property forum_properties WHERE - post.forum_id=".Database::escape_string($forum_id)." + post.forum_id = ".intval($forum_id)." AND post.poster_id=users.user_id AND post.thread_id=thread_properties.ref AND thread_properties.tool='".TOOL_FORUM_THREAD."' @@ -1751,7 +1751,7 @@ function get_threads($forum_id, $course_code = null) ON thread.thread_poster_id=users.user_id WHERE item_properties.visibility='1' AND - thread.forum_id='".Database::escape_string($forum_id)."' + thread.forum_id = ".intval($forum_id)." ORDER BY thread.thread_sticky DESC, thread.thread_date DESC"; if (is_allowed_to_edit()) { @@ -1778,7 +1778,7 @@ function get_threads($forum_id, $course_code = null) ON thread.thread_poster_id=users.user_id WHERE item_properties.visibility<>2 AND - thread.forum_id='".Database::escape_string($forum_id)."' + thread.forum_id = ".intval($forum_id)." ORDER BY thread.thread_sticky DESC, thread.thread_date DESC"; } $result = Database::query($sql); @@ -1818,7 +1818,7 @@ function get_posts($thread_id) ON posts.poster_id = users.user_id WHERE posts.c_id = $course_id AND - posts.thread_id='".Database::escape_string($thread_id)."' + posts.thread_id = ".intval($thread_id)." ORDER BY posts.post_id ASC"; } else { @@ -1828,7 +1828,7 @@ function get_posts($thread_id) ON posts.poster_id=users.user_id WHERE posts.c_id = $course_id AND - posts.thread_id = '".Database::escape_string($thread_id)."' AND + posts.thread_id = ".intval($thread_id)." AND posts.visible='1' ORDER BY posts.post_id ASC"; } @@ -1860,7 +1860,7 @@ function get_post_information($post_id) WHERE c_id = $course_id AND posts.poster_id=users.user_id AND - posts.post_id='".Database::escape_string($post_id)."'"; + posts.post_id = ".intval($post_id).""; $result = Database::query($sql); $row = Database::fetch_array($result); 
@@ -1886,8 +1886,8 @@ function get_thread_information($thread_id) WHERE item_properties.tool= '".TOOL_FORUM_THREAD."' AND item_properties.c_id = $course_id AND - item_properties.ref = '".Database::escape_string($thread_id)."' AND - threads.thread_id = '".Database::escape_string($thread_id)."' AND + item_properties.ref = ".intval($thread_id)." AND + threads.thread_id = ".intval($thread_id)." AND threads.c_id = $course_id "; $result = Database::query($sql); @@ -1934,8 +1934,8 @@ function get_thread_users_details($thread_id) user.user_id = session_rel_user_rel_course.id_user AND session_rel_user_rel_course.status<>'2' AND session_rel_user_rel_course.id_user NOT IN ($user_to_avoid) AND - thread_id = '".Database::escape_string($thread_id)."' AND - id_session = '".api_get_session_id()."' AND + thread_id = ".intval($thread_id)." AND + id_session = ".api_get_session_id()." AND c_id = $course_id AND course_code = '".$course_code."' $orderby "; } else { @@ -1944,7 +1944,7 @@ function get_thread_users_details($thread_id) WHERE poster_id = user.user_id AND user.user_id = course_user.user_id AND course_user.relation_type<>".COURSE_RELATION_TYPE_RRHH." - AND thread_id = '".Database::escape_string($thread_id)."' + AND thread_id = ".intval($thread_id)." AND course_user.status NOT IN('1') AND c_id = $course_id AND course_code = '".$course_code."' $orderby"; @@ -3408,7 +3408,7 @@ function handle_mail_cue($content, $id) if ($content == 'post') { // Getting the information about the post (need the thread_id). $post_info = get_post_information($id); - $thread_id = Database::escape_string($post_info['thread_id']); + $thread_id = intval($post_info['thread_id']); // Sending the mail to all the users that wanted to be informed for replies on this thread. $sql = "SELECT users.firstname, users.lastname, users.user_id, users.email 
@@ -3434,9 +3434,9 @@ function handle_mail_cue($content, $id) WHERE posts.c_id = $course_id AND mailcue.c_id = $course_id AND - posts.thread_id='".Database::escape_string($id)."' + posts.thread_id = ".intval($id)." AND posts.post_notification='1' - AND mailcue.thread_id='".Database::escape_string($id)."' + AND mailcue.thread_id = ".intval($id)." AND users.user_id=posts.poster_id AND users.active=1 GROUP BY users.email"; @@ -4490,8 +4490,8 @@ function count_number_of_post_for_user_thread($thread_id, $user_id) $course_id = api_get_course_int_id(); $sql = "SELECT count(*) as count FROM $table_posts WHERE c_id = $course_id AND - thread_id=".Database::escape_string($thread_id)." AND - poster_id = ".Database::escape_string($user_id)." AND visible = 1 "; + thread_id=".intval($thread_id)." AND + poster_id = ".intval($user_id)." AND visible = 1 "; $result = Database::query($sql); $count = 0; if (Database::num_rows($result) > 0) { diff --git a/main/gradebook/gradebook_add_link.php b/main/gradebook/gradebook_add_link.php index 3e82119bec..66d370b132 100755 --- a/main/gradebook/gradebook_add_link.php +++ b/main/gradebook/gradebook_add_link.php @@ -1,5 +1,6 @@ validate() && isset($_GET['newtypeselected'])) { // reload page, this time with a parameter indicating the selected type header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']) .'&typeselected='.$typeform->exportValue('select_link') - .'&course_code='.Security::remove_XSS($_GET['course_code'])).'&'.api_get_cidreq(); + .'&course_code='.Security::remove_XSS($_GET['course_code']).'&'.api_get_cidreq() + ); exit; } diff --git a/main/gradebook/gradebook_display_certificate.php b/main/gradebook/gradebook_display_certificate.php index 00b40d49b4..e67b950269 100755 --- a/main/gradebook/gradebook_display_certificate.php +++ b/main/gradebook/gradebook_display_certificate.php 
@@ -13,6 +13,9 @@ $current_course_tool = TOOL_GRADEBOOK; api_protect_course_script(); +set_time_limit(0); +ini_set('max_execution_time', 0); + require_once 'lib/gradebook_functions.inc.php'; require_once 'lib/be.inc.php'; require_once 'lib/gradebook_data_generator.class.php'; diff --git a/main/gradebook/gradebook_edit_cat.php b/main/gradebook/gradebook_edit_cat.php index ac92a2114a..af163695fe 100755 --- a/main/gradebook/gradebook_edit_cat.php +++ b/main/gradebook/gradebook_edit_cat.php @@ -21,7 +21,7 @@ $edit_cat = isset($_REQUEST['editcat']) ? intval($_REQUEST['editcat']) : ''; $htmlHeadXtra[] = ''; $htmlHeadXtra[] = ''; -$htmlHeadXtra[] = ' +
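Review bot: the hunk at @@ -161,65 +160,69 @@ (question list loop) is a reformatting change as far as the visible lines show, yet it re-adds dead code on the `+` side: the commented-out `/*$edit_link = ... }*/` block, `//echo get_lang($question_class.$label);` and `//echo get_lang('Level').': '.$objQuestionTmp->selectLevel();`. Drop those lines while the block is being touched, and consider landing the re-indentation in its own commit so the `intval()` changes elsewhere in this patch can be audited without wading through whitespace.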
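Review bot: in main/exercice/testcategory.class.php, hunk @@ -256,8 +256,8 @@, the query still interpolates `$in_courseid` directly (`AND c_id = $in_courseid`) with no cast in the visible lines, so the hunk hardens `$catid` but leaves the second numeric operand as it was. Cast it the same way, for example `$in_courseid = intval($in_courseid);` before building `$sql`. The same applies to `$courseId` in hunk @@ -221,9 +221,9 @@, which is only assigned from `api_get_course_int_id()` inside a conditional and otherwise reaches `c_id = $courseId` as the caller passed it.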
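Review bot: in get_post_information(), hunk @@ -1860,7 +1860,7 @@, the new line ends with `".intval($post_id)."";`, where the trailing `.""` is left over from the removed closing quote and concatenates an empty string. Write it as `posts.post_id = ".intval($post_id);`. In hunk @@ -4490,8 +4490,8 @@ the first replaced line keeps `thread_id=".intval($thread_id)."` without the spaces around `=` that every other changed comparison in this patch uses.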
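Review bot: in get_thread_users_details(), hunks @@ -1934,8 +1934,8 @@ and @@ -1944,7 +1944,7 @@, `thread_id` is now cast but the same statements still concatenate `course_code = '".$course_code."'` without `Database::escape_string()` and interpolate `NOT IN ($user_to_avoid)` as is, in the visible lines. Since the quotes were also removed from `id_session = ".api_get_session_id()."`, that value now depends on the helper always returning an integer; wrapping it in `intval()` would make the query safe regardless. Please escape `$course_code` and confirm `$user_to_avoid` is built only from integers.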
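Review bot: in main/gradebook/gradebook_add_link.php, the redirect still builds its query string with `Security::remove_XSS($_GET['selectcat'])` and `Security::remove_XSS($_GET['course_code'])`, which is an HTML filter and not URL encoding, so characters such as `&`, `#` or spaces in those parameters pass into the `Location` value unencoded. Moving the closing parenthesis so that `'&'.api_get_cidreq()` is inside the `header()` call is correct; while here, encode the values with `urlencode()`, and cast `selectcat` with `intval()` if it is a numeric id.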
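Review bot: in main/gradebook/gradebook_display_certificate.php, hunk @@ -13,6 +13,9 @@, `set_time_limit(0);` and `ini_set('max_execution_time', 0);` remove the execution time limit for a web-reachable script, so a single slow or repeated request can hold a PHP worker indefinitely. The two calls also do the same thing, so one is redundant. Prefer a bounded value sized to the largest expected certificate export, and add a comment saying why the default limit is not enough.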